@tern-secure/backend 1.2.0-canary.v20251030165007 → 1.2.0-canary.v20251108045933

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (42) hide show
  1. package/dist/__tests__/request.test.d.ts +2 -0
  2. package/dist/__tests__/request.test.d.ts.map +1 -0
  3. package/dist/admin/index.js +31 -8
  4. package/dist/admin/index.js.map +1 -1
  5. package/dist/admin/index.mjs +17 -8
  6. package/dist/admin/index.mjs.map +1 -1
  7. package/dist/admin/nextSessionTernSecure.d.ts.map +1 -1
  8. package/dist/admin/sessionTernSecure.d.ts.map +1 -1
  9. package/dist/auth/getauth.d.ts +1 -0
  10. package/dist/auth/getauth.d.ts.map +1 -1
  11. package/dist/auth/index.js +49 -31
  12. package/dist/auth/index.js.map +1 -1
  13. package/dist/auth/index.mjs +3 -3
  14. package/dist/{chunk-IBABNFOK.mjs → chunk-ASGV4MFO.mjs} +2 -2
  15. package/dist/{chunk-5AP2WM3W.mjs → chunk-DDUNOEIM.mjs} +20 -31
  16. package/dist/chunk-DDUNOEIM.mjs.map +1 -0
  17. package/dist/{chunk-VY5FVZL2.mjs → chunk-DFAJCSBJ.mjs} +17 -3
  18. package/dist/chunk-DFAJCSBJ.mjs.map +1 -0
  19. package/dist/{chunk-A5G3CWO5.mjs → chunk-MS6L7M3C.mjs} +9 -4
  20. package/dist/chunk-MS6L7M3C.mjs.map +1 -0
  21. package/dist/constants.d.ts +13 -1
  22. package/dist/constants.d.ts.map +1 -1
  23. package/dist/index.js +156 -39
  24. package/dist/index.js.map +1 -1
  25. package/dist/index.mjs +121 -11
  26. package/dist/index.mjs.map +1 -1
  27. package/dist/jwt/index.js +19 -30
  28. package/dist/jwt/index.js.map +1 -1
  29. package/dist/jwt/index.mjs +1 -1
  30. package/dist/jwt/verifyJwt.d.ts.map +1 -1
  31. package/dist/tokens/authstate.d.ts +16 -4
  32. package/dist/tokens/authstate.d.ts.map +1 -1
  33. package/dist/tokens/c-authenticateRequestProcessor.d.ts +5 -0
  34. package/dist/tokens/c-authenticateRequestProcessor.d.ts.map +1 -1
  35. package/dist/tokens/request.d.ts.map +1 -1
  36. package/dist/tokens/types.d.ts +4 -0
  37. package/dist/tokens/types.d.ts.map +1 -1
  38. package/package.json +9 -7
  39. package/dist/chunk-5AP2WM3W.mjs.map +0 -1
  40. package/dist/chunk-A5G3CWO5.mjs.map +0 -1
  41. package/dist/chunk-VY5FVZL2.mjs.map +0 -1
  42. /package/dist/{chunk-IBABNFOK.mjs.map → chunk-ASGV4MFO.mjs.map} +0 -0
package/dist/index.mjs CHANGED
@@ -1,19 +1,20 @@
1
1
  import {
2
2
  createTernSecureRequest
3
- } from "./chunk-IBABNFOK.mjs";
3
+ } from "./chunk-ASGV4MFO.mjs";
4
4
  import {
5
5
  getAuth,
6
6
  verifyToken
7
- } from "./chunk-A5G3CWO5.mjs";
7
+ } from "./chunk-MS6L7M3C.mjs";
8
8
  import {
9
9
  constants
10
- } from "./chunk-VY5FVZL2.mjs";
10
+ } from "./chunk-DFAJCSBJ.mjs";
11
11
  import {
12
12
  RefreshTokenErrorReason,
13
13
  TokenVerificationError,
14
14
  TokenVerificationErrorReason,
15
- mapJwtPayloadToDecodedIdToken
16
- } from "./chunk-5AP2WM3W.mjs";
15
+ mapJwtPayloadToDecodedIdToken,
16
+ ternDecodeJwt
17
+ } from "./chunk-DDUNOEIM.mjs";
17
18
 
18
19
  // src/createRedirect.ts
19
20
  var buildUrl = (_baseUrl, _targetUrl, _returnBackUrl) => {
@@ -76,16 +77,20 @@ var createRedirect = (params) => {
76
77
  // src/tokens/authstate.ts
77
78
  var AuthStatus = {
78
79
  SignedIn: "signed-in",
79
- SignedOut: "signed-out"
80
+ SignedOut: "signed-out",
81
+ Handshake: "handshake"
80
82
  };
81
83
  var AuthErrorReason = {
82
- SessionTokenAndUATMissing: "session-token-and-uat-missing",
84
+ AuthTimeout: "auth-timeout",
85
+ SessionTokenAndAuthMissing: "session-token-and-aut-missing",
83
86
  SessionTokenMissing: "session-token-missing",
84
87
  SessionTokenExpired: "session-token-expired",
85
- SessionTokenIATBeforeClientUAT: "session-token-iat-before-client-uat",
88
+ SessionTokenIATBeforeTernAUT: "session-token-iat-before-tern-aut",
86
89
  SessionTokenNBF: "session-token-nbf",
87
90
  SessionTokenIatInTheFuture: "session-token-iat-in-the-future",
88
- ActiveOrganizationMismatch: "active-organization-mismatch",
91
+ SessionTokenWithoutTernAUT: "session-token-but-no-tern-uat",
92
+ TernAutWithoutSessionToken: "tern-aut-but-no-session-token",
93
+ SyncRequired: "sync-required",
89
94
  UnexpectedError: "unexpected-error"
90
95
  };
91
96
  function createHasAuthorization(decodedIdToken) {
@@ -137,6 +142,7 @@ function signedIn(authCtx, sessionClaims, headers = new Headers(), token) {
137
142
  const authObject = signedInAuthObject(token, sessionClaims);
138
143
  return {
139
144
  status: AuthStatus.SignedIn,
145
+ message: null,
140
146
  reason: null,
141
147
  signInUrl: authCtx.signInUrl || "",
142
148
  signUpUrl: authCtx.signUpUrl || "",
@@ -161,6 +167,12 @@ function signedOut(authCtx, reason, message = "", headers = new Headers()) {
161
167
  }
162
168
  var decorateHeaders = (requestState) => {
163
169
  const headers = new Headers(requestState.headers || {});
170
+ if (requestState.message) {
171
+ try {
172
+ headers.set(constants.Headers.AuthMessage, requestState.message);
173
+ } catch {
174
+ }
175
+ }
164
176
  if (requestState.reason) {
165
177
  try {
166
178
  headers.set(constants.Headers.AuthReason, requestState.reason);
@@ -548,6 +560,9 @@ function mergePreDefinedOptions(userOptions = {}) {
548
560
  };
549
561
  }
550
562
 
563
+ // src/tokens/request.ts
564
+ import { ms } from "@tern-secure/shared/ms";
565
+
551
566
  // src/tokens/c-authenticateRequestProcessor.ts
552
567
  var RequestProcessorContext = class {
553
568
  constructor(ternSecureRequest, options) {
@@ -555,6 +570,7 @@ var RequestProcessorContext = class {
555
570
  this.options = options;
556
571
  this.initHeaderValues();
557
572
  this.initCookieValues();
573
+ this.initHandshakeValues();
558
574
  this.initUrlValues();
559
575
  Object.assign(this, options);
560
576
  this.ternUrl = this.ternSecureRequest.ternUrl;
@@ -583,6 +599,11 @@ var RequestProcessorContext = class {
583
599
  this.refreshTokenInCookie = this.getCookie(`${defaultPrefix}${constants.Cookies.Refresh}`);
584
600
  this.csrfTokenInCookie = this.getCookie(constants.Cookies.CsrfToken);
585
601
  this.customTokenInCookie = this.getCookie(constants.Cookies.Custom);
602
+ this.ternAuth = Number.parseInt(this.getCookie(constants.Cookies.TernAut) || "0", 10);
603
+ }
604
+ initHandshakeValues() {
605
+ this.handshakeToken = this.getQueryParam(constants.QueryParameters.Handshake) || this.getCookie(constants.Cookies.Handshake);
606
+ this.handshakeNonce = this.getQueryParam(constants.QueryParameters.HandshakeNonce) || this.getCookie(constants.Cookies.HandshakeNonce);
586
607
  }
587
608
  initUrlValues() {
588
609
  this.method = this.ternSecureRequest.method;
@@ -590,6 +611,9 @@ var RequestProcessorContext = class {
590
611
  this.endpoint = this.pathSegments[2];
591
612
  this.subEndpoint = this.pathSegments[3];
592
613
  }
614
+ getQueryParam(name) {
615
+ return this.ternSecureRequest.ternUrl.searchParams.get(name);
616
+ }
593
617
  getHeader(name) {
594
618
  return this.ternSecureRequest.headers.get(name) || void 0;
595
619
  }
@@ -621,6 +645,9 @@ import { getCookieName as getCookieNameEnvironment, getCookiePrefix } from "@ter
621
645
  function hasAuthorizationHeader(request) {
622
646
  return request.headers.has("Authorization");
623
647
  }
648
+ function convertToSeconds(value) {
649
+ return ms(value) / 1e3;
650
+ }
624
651
  function isRequestForRefresh(error, context, request) {
625
652
  return error.reason === TokenVerificationErrorReason.TokenExpired && !!context.refreshTokenInCookie && request.method === "GET";
626
653
  }
@@ -628,6 +655,17 @@ async function authenticateRequest(request, options) {
628
655
  const context = createRequestProcessor(createTernSecureRequest(request), options);
629
656
  const { refreshTokenInCookie } = context;
630
657
  const { refreshExpiredIdToken } = getAuth(options);
658
+ function checkSessionTimeout(authTimeValue) {
659
+ const defaultMaxAgeSeconds = convertToSeconds("5 days");
660
+ const REAUTH_PERIOD_SECONDS = context.session?.maxAge ? convertToSeconds(context.session.maxAge) : defaultMaxAgeSeconds;
661
+ const currentTime = Math.floor(Date.now() / 1e3);
662
+ const authAge = currentTime - authTimeValue;
663
+ console.log("Current time:", currentTime, "Auth age:", authAge, "Reauth period (s):", REAUTH_PERIOD_SECONDS);
664
+ if (authTimeValue > 0 && authAge > REAUTH_PERIOD_SECONDS) {
665
+ return signedOut(context, AuthErrorReason.AuthTimeout, "Authentication expired");
666
+ }
667
+ return null;
668
+ }
631
669
  async function refreshToken() {
632
670
  if (!refreshTokenInCookie) {
633
671
  return {
@@ -649,10 +687,10 @@ async function authenticateRequest(request, options) {
649
687
  }
650
688
  const headers = new Headers();
651
689
  const { idToken } = refreshedData;
652
- const maxAge = 3600;
690
+ const maxAge = 365 * 24 * 60 * 60;
653
691
  const cookiePrefix = getCookiePrefix();
654
692
  const idTokenCookieName = getCookieNameEnvironment(constants.Cookies.IdToken, cookiePrefix);
655
- const baseCookieAttributes = "HttpOnly; Secure; SameSite=Strict; Path=/";
693
+ const baseCookieAttributes = `HttpOnly; Secure; SameSite=Strict; Max-Age=${maxAge}; Path=/`;
656
694
  const idTokenCookie = `${idTokenCookieName}=${idToken}; ${baseCookieAttributes};`;
657
695
  headers.append("Set-Cookie", idTokenCookie);
658
696
  const { data: decoded, errors } = await verifyToken(idToken, options);
@@ -664,7 +702,78 @@ async function authenticateRequest(request, options) {
664
702
  }
665
703
  return { data: { decoded, token: idToken, headers }, error: null };
666
704
  }
705
+ async function handleLocalHandshakeWithErrorCheck(context2, reason, message, skipSessionCheck = false) {
706
+ const hasRefreshTokenInCookie = !!context2.refreshTokenInCookie;
707
+ if (!hasRefreshTokenInCookie) {
708
+ return signedOut(context2, reason, "Refresh token missing in cookie");
709
+ }
710
+ if (reason === AuthErrorReason.TernAutWithoutSessionToken) {
711
+ if (!skipSessionCheck) {
712
+ const sessionTimeoutResult = checkSessionTimeout(context2.ternAuth);
713
+ if (sessionTimeoutResult) {
714
+ return sessionTimeoutResult;
715
+ }
716
+ }
717
+ const { data, error } = await handleRefresh();
718
+ if (data) {
719
+ return signedIn(context2, data.decoded, data.headers, data.token);
720
+ }
721
+ return signedOut(context2, reason, "Failed to refresh idToken");
722
+ }
723
+ if (reason === AuthErrorReason.SessionTokenWithoutTernAUT || reason === AuthErrorReason.SessionTokenIATBeforeTernAUT) {
724
+ const { data, errors } = ternDecodeJwt(context2.idTokenInCookie);
725
+ if (errors) {
726
+ throw errors[0];
727
+ }
728
+ const authTime = data.payload.auth_time;
729
+ if (!authTime || typeof authTime !== "number") {
730
+ return signedOut(context2, reason, "Token missing auth_time");
731
+ }
732
+ if (!skipSessionCheck) {
733
+ const sessionTimeoutResult = checkSessionTimeout(authTime);
734
+ if (sessionTimeoutResult) {
735
+ return sessionTimeoutResult;
736
+ }
737
+ }
738
+ const { data: verifiedToken, errors: verifyErrors } = await verifyToken(context2.idTokenInCookie, options);
739
+ if (verifyErrors) {
740
+ throw verifyErrors[0];
741
+ }
742
+ const headers = new Headers();
743
+ const oneYearInSeconds = 365 * 24 * 60 * 60;
744
+ const ternAutCookie = `${constants.Cookies.TernAut}=${authTime}; Max-Age=${oneYearInSeconds}; Secure; SameSite=Strict; Path=/`;
745
+ headers.append("Set-Cookie", ternAutCookie);
746
+ return signedIn(context2, verifiedToken, headers, context2.idTokenInCookie);
747
+ }
748
+ return signedOut(context2, reason, message);
749
+ }
667
750
  async function authenticateRequestWithTokenInCookie() {
751
+ const hasTernAuth = context.ternAuth;
752
+ const hasIdTokenInCookie = !!context.idTokenInCookie;
753
+ if (!hasTernAuth && !hasIdTokenInCookie) {
754
+ return signedOut(context, AuthErrorReason.SessionTokenAndAuthMissing);
755
+ }
756
+ if (!hasTernAuth && hasIdTokenInCookie) {
757
+ return await handleLocalHandshakeWithErrorCheck(context, AuthErrorReason.SessionTokenWithoutTernAUT, "");
758
+ }
759
+ if (hasTernAuth && !hasIdTokenInCookie) {
760
+ return await handleLocalHandshakeWithErrorCheck(context, AuthErrorReason.TernAutWithoutSessionToken, "");
761
+ }
762
+ const sessionTimeoutResult = checkSessionTimeout(context.ternAuth);
763
+ if (sessionTimeoutResult) {
764
+ return sessionTimeoutResult;
765
+ }
766
+ const { data: decodedResult, errors: decodeErrors } = ternDecodeJwt(context.idTokenInCookie);
767
+ if (decodeErrors) {
768
+ return handleError(decodeErrors[0], "cookie");
769
+ }
770
+ const tokenIat = decodedResult.payload.iat;
771
+ if (!tokenIat) {
772
+ return signedOut(context, AuthErrorReason.SessionTokenMissing, "");
773
+ }
774
+ if (tokenIat < context.ternAuth) {
775
+ return await handleLocalHandshakeWithErrorCheck(context, AuthErrorReason.SessionTokenIATBeforeTernAUT, "", true);
776
+ }
668
777
  try {
669
778
  const { data, errors } = await verifyToken(context.idTokenInCookie, options);
670
779
  if (errors) {
@@ -675,6 +784,7 @@ async function authenticateRequest(request, options) {
675
784
  } catch (err) {
676
785
  return handleError(err, "cookie");
677
786
  }
787
+ return signedOut(context, AuthErrorReason.UnexpectedError);
678
788
  }
679
789
  async function authenticateRequestWithTokenInHeader() {
680
790
  const { sessionTokenInHeader } = context;
package/dist/index.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/createRedirect.ts","../src/tokens/authstate.ts","../src/fireRestApi/endpoints/AbstractApi.ts","../src/fireRestApi/endpoints/EmailApi.ts","../src/fireRestApi/endpoints/PasswordApi.ts","../src/fireRestApi/endpoints/SignInTokenApi.ts","../src/fireRestApi/endpoints/SignUpApi.ts","../src/fireRestApi/endpoints/TokenApi.ts","../src/fireRestApi/endpoints/UserData.ts","../src/runtime.ts","../src/fireRestApi/emulator.ts","../src/fireRestApi/endpointUrl.ts","../src/fireRestApi/request.ts","../src/fireRestApi/createFireApi.ts","../src/utils/options.ts","../src/tokens/c-authenticateRequestProcessor.ts","../src/tokens/cookie.ts","../src/tokens/request.ts","../src/tokens/factory.ts","../src/instance/backendInstanceEdge.ts","../src/utils/logger.ts","../src/utils/enableDebugLogging.ts","../src/adapters/PostgresAdapter.ts","../src/adapters/RedisAdapter.ts","../src/adapters/index.ts"],"sourcesContent":["const buildUrl = (\n _baseUrl: string | URL,\n _targetUrl: string | URL,\n _returnBackUrl?: string | URL | null,\n) => {\n if (_baseUrl === '') {\n return legacyBuildUrl(_targetUrl.toString(), _returnBackUrl?.toString());\n }\n\n const baseUrl = new URL(_baseUrl);\n const returnBackUrl = _returnBackUrl ? new URL(_returnBackUrl, baseUrl) : undefined;\n const res = new URL(_targetUrl, baseUrl);\n\n if (returnBackUrl) {\n res.searchParams.set('redirect_url', returnBackUrl.toString());\n }\n return res.toString();\n};\n\nconst legacyBuildUrl = (targetUrl: string, redirectUrl?: string) => {\n let url;\n if (!targetUrl.startsWith('http')) {\n if (!redirectUrl || !redirectUrl.startsWith('http')) {\n throw new Error('destination url or return back url should be an absolute path url!');\n }\n\n const baseURL = new URL(redirectUrl);\n url = new URL(targetUrl, baseURL.origin);\n } else {\n url = new URL(targetUrl);\n }\n\n if (redirectUrl) {\n url.searchParams.set('redirect_url', redirectUrl);\n }\n\n return url.toString();\n};\n\ntype RedirectAdapter<RedirectReturn> = (url: string) => RedirectReturn;\ntype RedirectToParams = { returnBackUrl?: string | URL | null };\nexport type RedirectFun<ReturnType> = (params?: RedirectToParams) => ReturnType;\n\n/**\n * @internal\n */\ntype CreateRedirect = <ReturnType>(params: {\n redirectAdapter: RedirectAdapter<ReturnType>;\n baseUrl: URL | string;\n signInUrl?: URL | string;\n signUpUrl?: URL | string;\n}) => {\n redirectToSignIn: RedirectFun<ReturnType>;\n redirectToSignUp: RedirectFun<ReturnType>;\n};\n\nexport const createRedirect: CreateRedirect = params => {\n const { redirectAdapter, signInUrl, signUpUrl, baseUrl } = params;\n\n const redirectToSignUp = ({ returnBackUrl }: RedirectToParams = {}) => {\n if (!signUpUrl) {\n throw new Error('SignUp URL is not defined');\n }\n\n const pathToSignUpUrl = `${baseUrl}/sign-up`;\n\n function buildSignUpUrl(signIn: string | URL | undefined) {\n if (!signIn) {\n return;\n }\n const url = new URL(signIn, baseUrl);\n url.pathname = `${url.pathname}/create`;\n return url.toString();\n }\n\n const targetUrl = signUpUrl || buildSignUpUrl(signInUrl) || pathToSignUpUrl;\n\n return redirectAdapter(buildUrl(baseUrl, targetUrl, returnBackUrl));\n };\n\n const redirectToSignIn = ({ returnBackUrl }: RedirectToParams = {}) => {\n if (!signInUrl) {\n throw new Error('SignIn URL is not defined');\n }\n\n const pathToSignInUrl = `${baseUrl}/sign-in`;\n const targetUrl = signInUrl || pathToSignInUrl;\n\n return redirectAdapter(buildUrl(baseUrl, targetUrl, returnBackUrl));\n };\n\n return { redirectToSignUp, redirectToSignIn };\n};\n","import type { CheckAuthorizationFromSessionClaims, DecodedIdToken } from '@tern-secure/types';\nimport type { JWTPayload } from 'jose';\n\nimport { constants } from '../constants';\nimport type { TokenVerificationErrorReason } from '../utils/errors';\nimport { mapJwtPayloadToDecodedIdToken } from '../utils/mapDecode';\nimport type { RequestProcessorContext } from './c-authenticateRequestProcessor';\nimport type { TernSecureRequest } from './ternSecureRequest';\n\nexport const AuthStatus = {\n SignedIn: 'signed-in',\n SignedOut: 'signed-out',\n} as const;\n\nexport type AuthStatus = (typeof AuthStatus)[keyof typeof AuthStatus];\n\nexport const AuthErrorReason = {\n SessionTokenAndUATMissing: 'session-token-and-uat-missing',\n SessionTokenMissing: 'session-token-missing',\n SessionTokenExpired: 'session-token-expired',\n SessionTokenIATBeforeClientUAT: 'session-token-iat-before-client-uat',\n SessionTokenNBF: 'session-token-nbf',\n SessionTokenIatInTheFuture: 'session-token-iat-in-the-future',\n ActiveOrganizationMismatch: 'active-organization-mismatch',\n UnexpectedError: 'unexpected-error',\n} as const;\n\nexport type AuthErrorReason = (typeof AuthErrorReason)[keyof typeof AuthErrorReason];\n\nexport type AuthReason = AuthErrorReason | TokenVerificationErrorReason;\n\nexport type SignedInAuthObject = {\n sessionClaims: DecodedIdToken;\n userId: string;\n token: string;\n require: CheckAuthorizationFromSessionClaims;\n error: string | null;\n};\n\nexport type SignedOutAuthObject = {\n sessionClaims: null;\n userId: null;\n token: null;\n require: CheckAuthorizationFromSessionClaims;\n error: string | null;\n};\n\nexport type SignedInState = {\n status: typeof AuthStatus.SignedIn;\n reason: null;\n signInUrl: string;\n signUpUrl: string;\n isSignedIn: true;\n auth: () => SignedInAuthObject;\n token: string;\n headers: Headers;\n};\n\nexport type SignedOutState = {\n status: typeof AuthStatus.SignedOut;\n reason: string;\n isSignedIn: false;\n signInUrl: string;\n signUpUrl: string;\n auth: () => SignedOutAuthObject;\n token: null;\n headers: Headers;\n};\n\nexport type RequestState = SignedInState | SignedOutState;\n\nexport interface BackendInstance {\n ternSecureRequest: TernSecureRequest;\n requestState: RequestState;\n}\n\nexport type AuthObject = SignedInAuthObject | SignedOutAuthObject;\n\nfunction createHasAuthorization(\n decodedIdToken: DecodedIdToken,\n): CheckAuthorizationFromSessionClaims {\n return (authorizationParams: any) => {\n if (\n !authorizationParams ||\n typeof authorizationParams !== 'object' ||\n Array.isArray(authorizationParams)\n ) {\n return false;\n }\n const claims = decodedIdToken as Record<string, any>;\n\n return Object.entries(authorizationParams).every(([key, value]) => {\n const claimValue = claims[key];\n if (typeof claimValue === 'undefined') {\n return false;\n }\n if (Array.isArray(value)) {\n if (Array.isArray(claimValue)) {\n return value.some(v => claimValue.includes(v));\n }\n return value.includes(claimValue);\n }\n\n if (Array.isArray(claimValue)) {\n return claimValue.includes(value);\n }\n return claimValue === value;\n });\n };\n}\n\nexport function signedInAuthObject(\n sessionToken: string,\n sessionClaims: JWTPayload,\n): SignedInAuthObject {\n const decodedIdToken = mapJwtPayloadToDecodedIdToken(sessionClaims);\n return {\n sessionClaims: {\n ...decodedIdToken,\n },\n userId: decodedIdToken.uid,\n token: sessionToken,\n require: createHasAuthorization(decodedIdToken),\n error: null,\n };\n}\n\nexport function signedOutAuthObject(): SignedOutAuthObject {\n return {\n sessionClaims: null,\n userId: null,\n token: null,\n require: () => false,\n error: 'No active session',\n };\n}\n\nexport function signedIn(\n authCtx: RequestProcessorContext,\n sessionClaims: JWTPayload,\n headers: Headers = new Headers(),\n token: string,\n): SignedInState {\n const authObject = signedInAuthObject(token, sessionClaims);\n return {\n status: AuthStatus.SignedIn,\n reason: null,\n signInUrl: authCtx.signInUrl || '',\n signUpUrl: authCtx.signUpUrl || '',\n isSignedIn: true,\n auth: () => authObject,\n token,\n headers,\n };\n}\n\nexport function signedOut(\n authCtx: RequestProcessorContext,\n reason: AuthReason,\n message = '',\n headers: Headers = new Headers(),\n): SignedOutState {\n return decorateHeaders({\n status: AuthStatus.SignedOut,\n reason,\n message,\n signInUrl: authCtx.signInUrl || '',\n signUpUrl: authCtx.signUpUrl || '',\n isSignedIn: false,\n auth: () => signedOutAuthObject(),\n token: null,\n headers,\n });\n}\n\nconst decorateHeaders = <T extends RequestState>(requestState: T): T => {\n const headers = new Headers(requestState.headers || {});\n if (requestState.reason) {\n try {\n headers.set(constants.Headers.AuthReason, requestState.reason);\n } catch {\n // Ignore errors\n }\n }\n\n if (requestState.status) {\n try {\n headers.set(constants.Headers.AuthStatus, requestState.status);\n } catch {\n // Ignore errors\n }\n }\n requestState.headers = headers;\n return requestState;\n};\n","import type { RequestFunction } from '../request';\n\nexport abstract class AbstractAPI {\n constructor(protected request: RequestFunction) {}\n\n protected requireApiKey(apiKey: string) {\n if (!apiKey) {\n throw new Error('A valid API key is required.');\n }\n }\n}\n","import { AbstractAPI } from \"./AbstractApi\";\n\n\ntype sendEmailVerificationParams = {\n idToken: string;\n requestType: 'VERIFY_EMAIL';\n};\n\ntype ConfirmEmailVerificationParams = {\n oobCode: string;\n};\n\n\nexport class EmailApi extends AbstractAPI {\n public async verifyEmailVerification(apiKey: string, params: sendEmailVerificationParams) {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n return this.request({\n endpoint: \"sendOobCode\",\n method: \"POST\",\n bodyParams: restParams,\n });\n }\n\n public async confirmEmailVerification(apiKey: string, params: ConfirmEmailVerificationParams) {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n return this.request({\n endpoint: \"sendOobCode\",\n method: \"POST\",\n bodyParams: restParams,\n });\n }\n}","import { AbstractAPI } from \"./AbstractApi\";\n\n\ntype ConfirmPasswordResetParams = {\n oobCode: string;\n newPassword: string;\n};\n\ntype VerifyPasswordResetCodeParams = {\n oobCode: string;\n};\n\ntype ChangePasswordParams = {\n idToken: string;\n password: string;\n returnSecureToken?: boolean;\n};\n\nexport class PasswordApi extends AbstractAPI {\n public async verifyPasswordResetCode(apiKey: string, params: VerifyPasswordResetCodeParams) {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n return this.request({\n endpoint: \"passwordReset\",\n method: \"POST\",\n bodyParams: restParams,\n });\n }\n\n public async confirmPasswordReset(apiKey: string, params: ConfirmPasswordResetParams) {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n return this.request({\n endpoint: \"passwordReset\",\n method: \"POST\",\n bodyParams: restParams,\n });\n }\n\n public async changePassword(apiKey: string, params: ChangePasswordParams) {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n return this.request({\n endpoint: \"passwordReset\",\n method: \"POST\",\n bodyParams: restParams,\n });\n }\n}","import type { IdAndRefreshTokens } from '../resources/Token';\nimport { AbstractAPI } from './AbstractApi';\n\n\ntype CreateSignInTokenParams = {\n token: string;\n returnSecureToken?: boolean;\n};\n\nexport class SignInTokenApi extends AbstractAPI {\n public async createCustomToken(\n apiKey: string,\n params: CreateSignInTokenParams,\n ): Promise<IdAndRefreshTokens> {\n try {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n\n const response = await this.request<IdAndRefreshTokens>({\n endpoint: \"signInWithCustomToken\",\n method: 'POST',\n bodyParams: restParams,\n });\n\n if (response.errors) {\n const errorMessage = response.errors[0]?.message || 'Failed to create custom token';\n throw new Error(errorMessage);\n }\n\n return response.data;\n } catch (error) {\n const contextualMessage = `Failed to create custom token: ${error instanceof Error ? error.message : 'Unknown error'}`;\n throw new Error(contextualMessage);\n }\n }\n}\n","import { AbstractAPI } from \"./AbstractApi\";\n\n\ntype CreateSignUpTokenParams = {\n email: string;\n password: string;\n returnSecureToken?: boolean;\n};\n\n\nexport class SignUpApi extends AbstractAPI {\n public async createCustomToken(apiKey: string, params: CreateSignUpTokenParams) {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n return this.request({\n endpoint: \"signUp\",\n method: \"POST\",\n bodyParams: restParams,\n });\n }\n\n}\n","import type { IdAndRefreshTokens } from '../resources/Token';\nimport { AbstractAPI } from './AbstractApi';\n\ntype RefreshTokenParams = {\n expired_token?: string;\n refresh_token: string;\n request_origin?: string;\n request_originating_ip?: string;\n request_headers?: Record<string, string[]>;\n suffixed_cookies?: boolean;\n format?: 'token' | 'cookie';\n};\n\ntype IdAndRefreshTokensParams = {\n token: string;\n returnSecureToken?: boolean;\n};\n\ntype IdAndRefreshTokensOptions = {\n referer?: string;\n};\n\nexport class TokenApi extends AbstractAPI {\n public async refreshToken(apiKey: string, params: RefreshTokenParams) {\n this.requireApiKey(apiKey);\n const { refresh_token, request_origin, ...restParams } = params;\n\n const headers: Record<string, string> = {};\n if (request_origin) {\n headers['Referer'] = request_origin;\n }\n\n const bodyParams = {\n grant_type: 'refresh_token',\n refresh_token,\n ...restParams,\n };\n\n return this.request({\n endpoint: 'refreshToken',\n method: 'POST',\n apiKey,\n bodyParams,\n headerParams: headers,\n });\n }\n\n public async exchangeCustomForIdAndRefreshTokens(\n apiKey: string,\n params: IdAndRefreshTokensParams,\n options?: IdAndRefreshTokensOptions,\n ) {\n this.requireApiKey(apiKey);\n\n const headers: Record<string, string> = {};\n if (options?.referer) {\n headers['Referer'] = options.referer;\n }\n\n return this.request<IdAndRefreshTokens>({\n endpoint: 'signInWithCustomToken',\n method: 'POST',\n apiKey,\n bodyParams: params,\n headerParams: headers,\n });\n }\n}\n","import type { User } from '../resources/User';\nimport { AbstractAPI } from './AbstractApi';\n\ntype UserDataParams = {\n localId?: string;\n idToken?: string;\n};\n\ntype UserDataOptions = {\n referer?: string;\n};\n\nexport class UserData extends AbstractAPI {\n public async getUserData(apiKey: string, params: UserDataParams, options?: UserDataOptions) {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n\n const headers: Record<string, string> = {};\n if (options?.referer) {\n headers['Referer'] = options.referer;\n }\n return this.request<User>({\n endpoint: 'lookup',\n method: 'POST',\n apiKey,\n bodyParams: restParams,\n headerParams: headers,\n });\n }\n}","/**\n * This file exports APIs that vary across runtimes (i.e. Node & Browser - V8 isolates)\n * as a singleton object.\n *\n * Runtime polyfills are written in VanillaJS for now to avoid TS complication. Moreover,\n * due to this issue https://github.com/microsoft/TypeScript/issues/44848, there is not a good way\n * to tell Typescript which conditional import to use during build type.\n *\n * The Runtime type definition ensures type safety for now.\n * Runtime js modules are copied into dist folder with bash script.\n *\n * TODO: Support TS runtime modules\n */\n\n// @ts-ignore - These are package subpaths\nimport { webcrypto as crypto } from '#crypto';\n\ntype Runtime = {\n crypto: Crypto;\n fetch: typeof globalThis.fetch;\n AbortController: typeof globalThis.AbortController;\n Blob: typeof globalThis.Blob;\n FormData: typeof globalThis.FormData;\n Headers: typeof globalThis.Headers;\n Request: typeof globalThis.Request;\n Response: typeof globalThis.Response;\n};\n\n// Invoking the global.fetch without binding it first to the globalObject fails in\n// Cloudflare Workers with an \"Illegal Invocation\" error.\n//\n// The globalThis object is supported for Node >= 12.0.\n//\n// https://github.com/supabase/supabase/issues/4417\nconst globalFetch = fetch.bind(globalThis);\n\nexport const runtime: Runtime = {\n crypto,\n get fetch() {\n // We need to use the globalFetch for Cloudflare Workers but the fetch for testing\n return process.env.NODE_ENV === 'test' ? fetch : globalFetch;\n },\n AbortController: globalThis.AbortController,\n Blob: globalThis.Blob,\n FormData: globalThis.FormData,\n Headers: globalThis.Headers,\n Request: globalThis.Request,\n Response: globalThis.Response,\n};\n","export const FIREBASE_AUTH_EMULATOR_HOST = process.env.FIREBASE_AUTH_EMULATOR_HOST;\n\nexport function emulatorHost(): string | undefined {\n if (typeof process === 'undefined') return undefined;\n return FIREBASE_AUTH_EMULATOR_HOST;\n}\n\nexport function useEmulator(): boolean {\n return !!emulatorHost();\n}\n","import { FIREBASE_AUTH_EMULATOR_HOST, useEmulator } from './emulator';\n\nexport const topLevelEndpoint = (apiKey: string, projectId: string, version: string) => {\n return `https://identitytoolkit.googleapis.com/${version}/projects/${projectId}${apiKey}`;\n};\n\nexport const lookupEndpoint = (apiKey: string) => {\n return `https://identitytoolkit.googleapis.com/v1/accounts:lookup?key=${apiKey}`;\n};\n\nexport const getRefreshTokenEndpoint = (apiKey: string) => {\n return `https://securetoken.googleapis.com/v1/token?key=${apiKey}`;\n};\n\nexport const signInWithPassword = (apiKey: string) => {\n return `https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key=${apiKey}`;\n};\n\nexport const signUpEndpoint = (apiKey: string) => {\n return `https://identitytoolkit.googleapis.com/v1/accounts:signUp?key=${apiKey}`;\n};\n\nexport const getCustomTokenEndpoint = (apiKey: string) => {\n if (useEmulator() && FIREBASE_AUTH_EMULATOR_HOST) {\n let protocol = 'http://';\n if (FIREBASE_AUTH_EMULATOR_HOST.startsWith('http://')) {\n protocol = '';\n }\n\n return `${protocol}${FIREBASE_AUTH_EMULATOR_HOST}/identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${apiKey}`;\n }\n return `https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${apiKey}`;\n};\n\nexport const passwordResetEndpoint = (apiKey: string) => {\n return `https://identitytoolkit.googleapis.com/v1/accounts:resetPassword?key=${apiKey}`;\n};\n","import type {\n TernSecureFireRestError,\n TernSecureFireRestErrorJSON,\n} from \"@tern-secure/types\";\n\nimport { constants } from \"../constants\";\nimport { runtime } from \"../runtime\";\nimport {\n getCustomTokenEndpoint,\n getRefreshTokenEndpoint,\n lookupEndpoint,\n passwordResetEndpoint,\n signInWithPassword,\n signUpEndpoint,\n} from \"./endpointUrl\";\n\nexport type HTTPMethod = \"DELETE\" | \"GET\" | \"PATCH\" | \"POST\" | \"PUT\";\nexport type FirebaseEndpoint =\n | \"lookup\"\n | \"refreshToken\"\n | \"signInWithPassword\"\n | \"signUp\"\n | \"signInWithCustomToken\"\n | \"passwordReset\"\n | \"sendOobCode\"\n\nexport type BackendApiRequestOptions = {\n endpoint: FirebaseEndpoint;\n method?: HTTPMethod;\n apiKey?: string;\n queryParams?: Record<string, unknown>;\n headerParams?: Record<string, string>;\n bodyParams?: Record<string, unknown>;\n formData?: FormData;\n}\n\nexport type BackendApiResponse<T> =\n | {\n data: T;\n errors: null;\n totalCount?: number;\n }\n | {\n data: null;\n errors: TernSecureFireRestError[];\n totalCount?: never;\n status?: number;\n statusText?: string;\n retryAfter?: number;\n };\n\nexport type RequestFunction = ReturnType<typeof createRequest>;\n\ntype CreateRequestOptions = {\n apiKey?: string;\n apiUrl?: string;\n apiVersion?: string;\n};\n\nconst FIREBASE_ENDPOINT_MAP: Record<FirebaseEndpoint, (apiKey: string) => string> = {\n refreshToken: getRefreshTokenEndpoint,\n signInWithPassword: signInWithPassword,\n signUp: signUpEndpoint,\n signInWithCustomToken: getCustomTokenEndpoint,\n passwordReset: passwordResetEndpoint,\n sendOobCode: signInWithPassword,\n lookup: lookupEndpoint\n};\n\n\nexport function createRequest(options: CreateRequestOptions) {\n const requestFn = async <T>(\n requestOptions: BackendApiRequestOptions\n ): Promise<BackendApiResponse<T>> => {\n const { endpoint, method, apiKey, queryParams, headerParams, bodyParams, formData } =\n requestOptions;\n\n\n if (!apiKey) {\n return {\n data: null,\n errors: [\n {\n domain: \"none\",\n reason: \"invalid_parameter\",\n message: \"Firebase API key is required\",\n code: \"400\",\n },\n ],\n };\n }\n\n const endpointUrl = FIREBASE_ENDPOINT_MAP[endpoint](apiKey);\n const finalUrl = new URL(endpointUrl);\n\n if (queryParams) {\n Object.entries(queryParams).forEach(([key, value]) => {\n if (value) {\n [value].flat().forEach(v => finalUrl.searchParams.append(key, v as string));\n }\n });\n }\n\n const headers: Record<string, any> = {\n ...headerParams,\n };\n let res: Response | undefined;\n\n try {\n if (formData) {\n res = await runtime.fetch(finalUrl.href, {\n method,\n headers,\n body: formData,\n });\n } else {\n headers[\"Content-Type\"] = \"application/json\";\n const hasBody =\n method !== \"GET\" && bodyParams && Object.keys(bodyParams).length > 0;\n const body = hasBody ? { body: JSON.stringify(bodyParams) } : null;\n\n res = await runtime.fetch(finalUrl.href, {\n method,\n headers,\n ...body,\n });\n }\n\n const isJSONResponse =\n res?.headers &&\n res.headers?.get(constants.Headers.ContentType) ===\n constants.ContentTypes.Json;\n const responseBody = await (isJSONResponse ? res.json() : res.text());\n\n\n if (!res.ok) {\n return {\n data: null,\n errors: parseErrors(responseBody),\n status: res?.status,\n statusText: res?.statusText,\n };\n }\n\n return {\n data: responseBody,\n errors: null,\n };\n } catch (error) {\n if (error instanceof Error) {\n return {\n data: null,\n errors: [\n {\n domain: \"none\",\n reason: \"request_failed\",\n message: error.message || \"An unexpected error occurred\",\n code: \"500\",\n },\n ],\n };\n }\n\n return {\n data: null,\n errors: parseErrors(error),\n status: res?.status,\n statusText: res?.statusText,\n };\n }\n };\n return requestFn;\n}\n\nfunction parseErrors(data: unknown): TernSecureFireRestError[] {\n let parsedData = data;\n if (typeof data === \"string\") {\n try {\n parsedData = JSON.parse(data);\n } catch (error) {\n return [];\n }\n }\n\n if (!parsedData || typeof parsedData !== \"object\") {\n return [];\n }\n\n if (\"error\" in parsedData && typeof parsedData.error === \"object\" && parsedData.error !== null) {\n const errorObj = parsedData.error as any;\n\n if (\"errors\" in errorObj && Array.isArray(errorObj.errors) && errorObj.errors.length > 0) {\n return errorObj.errors.map((err: any) => parseError({\n code: errorObj.code || \"unknown_error\", \n message: err.message || \"Unknown error\",\n domain: err.domain,\n reason: err.reason\n }));\n }\n\n // Fallback: create single error from main error object\n return [parseError({\n code: errorObj.code?.toString() || \"unknown_error\",\n message: errorObj.message || \"Unknown error\",\n domain: errorObj.domain || \"unknown\",\n reason: errorObj.reason || errorObj.code?.toString() || \"unknown_error\"\n })];\n }\n\n return [];\n}\n\nexport function parseError(error: TernSecureFireRestErrorJSON): TernSecureFireRestError {\n return {\n domain: error.domain,\n reason: error.reason,\n message: error.message,\n code: error.code\n };\n}\n","import { EmailApi, PasswordApi, SignInTokenApi, SignUpApi, TokenApi, UserData } from './endpoints';\nimport { createRequest } from './request';\n\nexport type CreateFireApiOptions = Parameters<typeof createRequest>[0];\nexport type ApiClient = ReturnType<typeof createFireApi>;\n\nexport function createFireApi(options: CreateFireApiOptions) {\n const request = createRequest(options);\n return {\n email: new EmailApi(request),\n password: new PasswordApi(request),\n signIn: new SignInTokenApi(request),\n signUp: new SignUpApi(request),\n tokens: new TokenApi(request),\n userData: new UserData(request),\n };\n}\n","import type { AuthenticateRequestOptions} from \"../tokens/types\";\n\nexport type RuntimeOptions = Omit<AuthenticateRequestOptions, \"apiUrl\">;\n\nexport type buildTimeOptions = Partial<Pick<AuthenticateRequestOptions, \"apiKey\" | \"apiUrl\" | \"apiVersion\">>;\n\nconst defaultOptions: buildTimeOptions = {\n apiKey: undefined,\n apiUrl: undefined,\n apiVersion: undefined,\n};\n\nexport function mergePreDefinedOptions(\n userOptions: buildTimeOptions = {}\n): buildTimeOptions {\n return {\n ...defaultOptions,\n ...userOptions,\n };\n}","import type { AuthEndpoint, SessionSubEndpoint } from '@tern-secure/types';\n\nimport { constants } from '../constants';\nimport type { TernSecureRequest } from './ternSecureRequest';\nimport type { AuthenticateRequestOptions } from './types'; \n\n\n/**\n * Request context for better type safety and clarity\n */\ninterface RequestProcessorContext extends AuthenticateRequestOptions {\n // header-based values\n sessionTokenInHeader: string | undefined;\n origin: string | undefined;\n host: string | undefined;\n forwardedHost: string | undefined;\n forwardedProto: string | undefined;\n referrer: string | undefined;\n userAgent: string | undefined;\n secFetchDest: string | undefined;\n accept: string | undefined;\n\n // cookie-based values\n idTokenInCookie: string | undefined;\n refreshTokenInCookie: string | undefined;\n csrfTokenInCookie: string | undefined;\n sessionTokenInCookie?: string | undefined;\n customTokenInCookie?: string | undefined;\n\n method: string;\n pathSegments: string[];\n endpoint?: AuthEndpoint;\n subEndpoint?: SessionSubEndpoint;\n\n ternUrl: URL;\n instanceType: string;\n}\n\n/**\n * Request processor utility class for common operations\n */\nclass RequestProcessorContext implements RequestProcessorContext {\n public constructor(\n private ternSecureRequest: TernSecureRequest,\n private options: AuthenticateRequestOptions,\n ) {\n this.initHeaderValues();\n this.initCookieValues();\n this.initUrlValues();\n Object.assign(this, options);\n this.ternUrl = this.ternSecureRequest.ternUrl;\n }\n\n public get request(): TernSecureRequest {\n return this.ternSecureRequest;\n }\n\n private initHeaderValues() {\n this.sessionTokenInHeader = this.parseAuthorizationHeader(\n this.getHeader(constants.Headers.Authorization),\n );\n this.origin = this.getHeader(constants.Headers.Origin);\n this.host = this.getHeader(constants.Headers.Host);\n this.forwardedHost = this.getHeader(constants.Headers.ForwardedHost);\n this.forwardedProto =\n this.getHeader(constants.Headers.CloudFrontForwardedProto) ||\n this.getHeader(constants.Headers.ForwardedProto);\n this.referrer = this.getHeader(constants.Headers.Referrer);\n this.userAgent = this.getHeader(constants.Headers.UserAgent);\n this.secFetchDest = this.getHeader(constants.Headers.SecFetchDest);\n this.accept = this.getHeader(constants.Headers.Accept);\n }\n\n private initCookieValues() {\n const isProduction = process.env.NODE_ENV === 'production';\n const defaultPrefix = isProduction ? '__HOST-' : '__dev_';\n this.sessionTokenInCookie = this.getCookie(constants.Cookies.Session);\n\n // System-fixed cookies using backend constants\n this.idTokenInCookie = this.getCookie(`${defaultPrefix}${constants.Cookies.IdToken}`);\n this.refreshTokenInCookie = this.getCookie(`${defaultPrefix}${constants.Cookies.Refresh}`);\n this.csrfTokenInCookie = this.getCookie(constants.Cookies.CsrfToken);\n this.customTokenInCookie = this.getCookie(constants.Cookies.Custom);\n }\n\n private initUrlValues() {\n this.method = this.ternSecureRequest.method;\n this.pathSegments = this.ternSecureRequest.ternUrl.pathname.split('/').filter(Boolean);\n this.endpoint = this.pathSegments[2] as AuthEndpoint;\n this.subEndpoint = this.pathSegments[3] as SessionSubEndpoint;\n }\n\n private getHeader(name: string) {\n return this.ternSecureRequest.headers.get(name) || undefined;\n }\n\n private getCookie(name: string) {\n return this.ternSecureRequest.cookies.get(name) || undefined;\n }\n\n private parseAuthorizationHeader(\n authorizationHeader: string | undefined | null,\n ): string | undefined {\n if (!authorizationHeader) {\n return undefined;\n }\n\n const [scheme, token] = authorizationHeader.split(' ', 2);\n\n if (!token) {\n // No scheme specified, treat the entire value as the token\n return scheme;\n }\n\n if (scheme === 'Bearer') {\n return token;\n }\n\n // Skip all other schemes\n return undefined;\n }\n}\n\nexport type { RequestProcessorContext };\n\nexport const createRequestProcessor = (\n ternSecureRequest: TernSecureRequest,\n options: AuthenticateRequestOptions,\n): RequestProcessorContext => {\n return new RequestProcessorContext(ternSecureRequest, options);\n};\n","import { getCookieName as getCookieNameEnvironment, getCookiePrefix } from '@tern-secure/shared/cookie';\n\nexport const getCookieName = (cookieDirective: string): string => {\n return cookieDirective.split(';')[0]?.split('=')[0];\n};\n\nexport const getCookieValue = (cookieDirective: string): string => {\n return cookieDirective.split(';')[0]?.split('=')[1];\n};\n\nexport { getCookieNameEnvironment, getCookiePrefix };","import type { DecodedIdToken } from '@tern-secure/types';\n\nimport { getAuth } from '../auth';\nimport { constants } from '../constants';\nimport type { TokenCarrier } from '../utils/errors';\nimport {\n RefreshTokenErrorReason,\n TokenVerificationError,\n TokenVerificationErrorReason,\n} from '../utils/errors';\nimport type { RequestState, SignedInState, SignedOutState } from './authstate';\nimport { AuthErrorReason, signedIn, signedOut } from './authstate';\nimport { createRequestProcessor } from './c-authenticateRequestProcessor';\nimport { getCookieNameEnvironment, getCookiePrefix } from './cookie';\nimport { createTernSecureRequest } from './ternSecureRequest';\nimport type { AuthenticateRequestOptions } from './types';\nimport { verifyToken } from './verify';\n\nfunction hasAuthorizationHeader(request: Request): boolean {\n return request.headers.has('Authorization');\n}\n\nfunction isRequestForRefresh(\n error: TokenVerificationError,\n context: { refreshTokenInCookie?: string },\n request: Request,\n) {\n return (\n error.reason === TokenVerificationErrorReason.TokenExpired &&\n !!context.refreshTokenInCookie &&\n request.method === 'GET'\n );\n}\n\nexport async function authenticateRequest(\n request: Request,\n options: AuthenticateRequestOptions,\n): Promise<RequestState> {\n const context = createRequestProcessor(createTernSecureRequest(request), options);\n const { refreshTokenInCookie } = context;\n\n const { refreshExpiredIdToken } = getAuth(options);\n\n async function refreshToken() {\n if (!refreshTokenInCookie) {\n return {\n data: null,\n error: {\n message: 'No refresh token available',\n reason: AuthErrorReason.SessionTokenMissing,\n },\n };\n }\n return await refreshExpiredIdToken(refreshTokenInCookie, {\n referer: context.ternUrl.origin,\n });\n }\n\n async function handleRefresh(): Promise<\n | { data: { decoded: DecodedIdToken; token: string; headers: Headers }; error: null }\n | { data: null; error: any }\n > {\n const { data: refreshedData, error } = await refreshToken();\n if (!refreshedData) {\n return { data: null, error };\n }\n\n const headers = new Headers();\n const { idToken } = refreshedData;\n\n const maxAge = 3600;\n const cookiePrefix = getCookiePrefix();\n const idTokenCookieName = getCookieNameEnvironment(constants.Cookies.IdToken, cookiePrefix);\n const baseCookieAttributes = 'HttpOnly; Secure; SameSite=Strict; Path=/';\n\n const idTokenCookie = `${idTokenCookieName}=${idToken}; ${baseCookieAttributes};`;\n headers.append('Set-Cookie', idTokenCookie);\n\n const { data: decoded, errors } = await verifyToken(idToken, options);\n if (errors) {\n return {\n data: null,\n error: errors ? errors[0] : new Error('Failed to verify refreshed token'),\n };\n }\n return { data: { decoded, token: idToken, headers }, error: null };\n }\n\n async function authenticateRequestWithTokenInCookie() {\n try {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const { data, errors } = await verifyToken(context.idTokenInCookie!, options);\n\n if (errors) {\n throw errors[0];\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const signedInRequestState = signedIn(context, data, undefined, context.idTokenInCookie!);\n return signedInRequestState;\n } catch (err) {\n return handleError(err, 'cookie');\n }\n }\n\n async function authenticateRequestWithTokenInHeader() {\n const { sessionTokenInHeader } = context;\n try {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const { data, errors } = await verifyToken(sessionTokenInHeader!, options);\n\n if (errors) {\n throw errors[0];\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const signedInRequestState = signedIn(context, data, undefined, sessionTokenInHeader!);\n return signedInRequestState;\n } catch (err) {\n return handleError(err, 'header');\n }\n }\n\n async function handleError(\n err: unknown,\n tokenCarrier: TokenCarrier,\n ): Promise<SignedInState | SignedOutState> {\n if (!(err instanceof TokenVerificationError)) {\n return signedOut(context, AuthErrorReason.UnexpectedError);\n }\n\n let refreshError: string | null;\n if (isRequestForRefresh(err, context, request)) {\n const { data, error } = await handleRefresh();\n if (data) {\n return signedIn(context, data.decoded, data.headers, data.token);\n }\n\n if (error?.cause?.reason) {\n refreshError = error.cause.reason;\n }\n } else {\n if (request.method !== 'GET') {\n refreshError = RefreshTokenErrorReason.NonEligibleNonGet;\n } else if (!context.refreshTokenInCookie) {\n refreshError = RefreshTokenErrorReason.NonEligibleNoCookie;\n } else {\n refreshError = null;\n }\n }\n\n err.tokenCarrier = tokenCarrier;\n\n return signedOut(context, err.reason, err.getFullMessage());\n }\n\n if (hasAuthorizationHeader(request)) {\n return authenticateRequestWithTokenInHeader();\n }\n\n return authenticateRequestWithTokenInCookie();\n}\n","\nimport type { ApiClient } from '../fireRestApi';\nimport {\n type buildTimeOptions,\n mergePreDefinedOptions,\n type RuntimeOptions,\n} from '../utils/options';\nimport { authenticateRequest } from './request';\n\n/**\n * @internal\n */\nexport type CreateAuthenticateRequestOptions = {\n options: buildTimeOptions;\n apiClient: ApiClient;\n};\n\nexport function createAuthenticateRequest(params: CreateAuthenticateRequestOptions) {\n const buildTimeOptions = mergePreDefinedOptions(params.options);\n const apiClient = params.apiClient;\n\n const handleAuthenticateRequest = (request: Request, options: RuntimeOptions = {}) => {\n const { apiUrl } = buildTimeOptions;\n return authenticateRequest(request, { ...options, apiUrl, apiClient });\n };\n\n return {\n authenticateRequest: handleAuthenticateRequest,\n };\n}","import type { ApiClient,CreateFireApiOptions} from \"../fireRestApi\";\r\nimport { createFireApi } from \"../fireRestApi\";\r\nimport type { RequestState } from \"../tokens/authstate\";\r\nimport type { CreateAuthenticateRequestOptions } from \"../tokens/factory\";\r\nimport { createAuthenticateRequest } from \"../tokens/factory\";\r\nimport type {\r\n TernSecureRequest,\r\n} from \"../tokens/ternSecureRequest\";\r\n\r\nexport type TernSecureBackendOptions = CreateFireApiOptions & CreateAuthenticateRequestOptions['options'];\r\n\r\nexport type TernSecureBackendClient = ApiClient & ReturnType<typeof createAuthenticateRequest>;\r\n\r\nexport interface BackendInstance {\r\n ternSecureRequest: TernSecureRequest;\r\n requestState: RequestState;\r\n}\r\n\r\nexport function createBackendInstanceClient(options: TernSecureBackendOptions): TernSecureBackendClient {\r\n const opts = { ...options };\r\n const apiClient = createFireApi(opts);\r\n const requestState = createAuthenticateRequest({options: opts, apiClient});\r\n\r\n return {\r\n ...apiClient,\r\n ...requestState,\r\n };\r\n}\r\n","export enum LogLevel {\n ERROR = 0,\n WARN = 1,\n INFO = 2,\n DEBUG = 3,\n}\n\nexport interface LoggerOptions {\n enabled: boolean\n level: LogLevel\n prefix: string\n}\n\nexport class Logger {\n private options: LoggerOptions\n\n constructor(options: Partial<LoggerOptions> = {}) {\n this.options = {\n enabled: false,\n level: LogLevel.INFO,\n prefix: '[TernSecure-Backend]',\n ...options,\n }\n }\n\n enable(): void {\n this.options.enabled = true\n }\n\n disable(): void {\n this.options.enabled = false\n }\n\n setLevel(level: LogLevel): void {\n this.options.level = level\n }\n\n setPrefix(prefix: string): void {\n this.options.prefix = prefix\n }\n\n private log(level: LogLevel, levelName: string, message: string, ...args: any[]): void {\n if (!this.options.enabled || level > this.options.level) {\n return\n }\n\n const timestamp = new Date().toISOString()\n const formattedMessage = `${timestamp} ${this.options.prefix} [${levelName}] ${message}`\n \n switch (level) {\n case LogLevel.ERROR:\n console.error(formattedMessage, ...args)\n break\n case LogLevel.WARN:\n console.warn(formattedMessage, ...args)\n break\n case LogLevel.INFO:\n console.info(formattedMessage, ...args)\n break\n case LogLevel.DEBUG:\n console.debug(formattedMessage, ...args)\n break\n }\n }\n\n error(message: string, ...args: any[]): void {\n this.log(LogLevel.ERROR, 'ERROR', message, ...args)\n }\n\n warn(message: string, ...args: any[]): void {\n this.log(LogLevel.WARN, 'WARN', message, ...args)\n }\n\n info(message: string, ...args: any[]): void {\n this.log(LogLevel.INFO, 'INFO', message, ...args)\n }\n\n debug(message: string, ...args: any[]): void {\n this.log(LogLevel.DEBUG, 'DEBUG', message, ...args)\n }\n}\n\nexport const createLogger = (options?: Partial<LoggerOptions>): Logger => {\n return new Logger(options)\n}\n\nexport const redisLogger = createLogger({ prefix: '[TernSecure-Redis]' })\nexport const authLogger = createLogger({ prefix: '[TernSecure-Auth]' })","import { authLogger, LogLevel,redisLogger } from \"./logger\"\n\nexport function enableDebugLogging(): void {\n authLogger.enable()\n authLogger.setLevel(LogLevel.DEBUG)\n \n redisLogger.enable()\n redisLogger.setLevel(LogLevel.DEBUG)\n}\n\nexport function disableDebugLogging(): void {\n authLogger.disable()\n redisLogger.disable()\n}\n\nexport function setLogLevel(level: LogLevel): void {\n authLogger.setLevel(level)\n redisLogger.setLevel(level)\n}","import { authLogger } from \"../utils/logger\";\nimport type { DisabledUserAdapter, DisabledUserRecord, PostgresConfig } from \"./types\";\n\nexport class PostgresAdapter implements DisabledUserAdapter {\n private config: PostgresConfig;\n private tableName: string;\n\n constructor(config: PostgresConfig) {\n this.config = config;\n this.tableName = config.table || 'disabled_users';\n }\n\n getDisabledUser = async(uid: string): Promise<DisabledUserRecord | null> => {\n try {\n // For edge runtime, we'll use fetch to call a REST API endpoint\n // This avoids the need for full postgres client libraries in edge\n const response = await fetch(this.config.url, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n 'Authorization': `Bearer ${this.config.token}`,\n },\n body: JSON.stringify({\n query: `SELECT uid, email, disabled_time as \"disabledTime\" FROM ${this.tableName} WHERE uid = $1`,\n params: [uid],\n }),\n });\n\n if (!response.ok) {\n throw new Error(`HTTP error! status: ${response.status}`);\n }\n\n const result = await response.json();\n \n if (result.rows && result.rows.length > 0) {\n const row = result.rows[0];\n const disabledUser: DisabledUserRecord = {\n uid: row.uid,\n email: row.email,\n disabledTime: row.disabledTime,\n };\n \n authLogger.debug(`Found disabled user: ${uid}`);\n return disabledUser;\n }\n\n authLogger.debug(`No disabled user found: ${uid}`);\n return null;\n } catch (error) {\n authLogger.error('Failed to fetch disabled user from Postgres:', error);\n return null;\n }\n }\n}","import { Redis } from \"@upstash/redis\";\n\nimport { authLogger } from \"../utils/logger\";\nimport type {\n DisabledUserAdapter,\n DisabledUserRecord,\n RedisConfig,\n} from \"./types\";\n\ninterface CacheEntry<T> {\n value: T;\n expiresAt: number;\n}\n\nclass TTLCache<T> {\n private cache = new Map<string, CacheEntry<T>>();\n private readonly defaultTTL: number;\n\n constructor(defaultTTLMs: number = 60000) {\n this.defaultTTL = defaultTTLMs;\n }\n\n set(key: string, value: T, ttlMs?: number): void {\n const expiresAt = Date.now() + (ttlMs ?? this.defaultTTL);\n this.cache.set(key, { value, expiresAt });\n console.log(`TTLCache.set: key=${key}, value=${JSON.stringify(value)}, expiresAt=${expiresAt}, cacheSize=${this.cache.size}`);\n }\n\n private getEntry(key: string): CacheEntry<T> | undefined {\n const entry = this.cache.get(key);\n if (!entry) return undefined;\n\n const now = Date.now();\n if (now > entry.expiresAt) {\n console.log(`TTLCache: key=${key} expired (now=${now}, expiresAt=${entry.expiresAt})`);\n this.cache.delete(key);\n return undefined;\n }\n\n return entry;\n }\n\n get(key: string): T | undefined {\n const entry = this.getEntry(key);\n const hasEntry = entry !== undefined;\n const cacheHasKey = this.cache.has(key);\n const rawEntry = this.cache.get(key);\n \n console.log(`TTLCache.get: key=${key}, hasEntry=${hasEntry}, cacheHasKey=${cacheHasKey}`);\n console.log(`TTLCache.get: rawEntry=${JSON.stringify(rawEntry)}, entry=${JSON.stringify(entry)}`);\n \n if (!entry) {\n console.log(`TTLCache.get: no entry found for key=${key}, returning undefined`);\n return undefined;\n }\n\n console.log(`TTLCache.get: returning value=${JSON.stringify(entry.value)} for key=${key}`);\n return entry.value;\n }\n\n\n delete(key: string): boolean {\n return this.cache.delete(key);\n }\n\n clear(): void {\n this.cache.clear();\n }\n\n cleanup(): void {\n const now = Date.now();\n for (const [key, entry] of this.cache.entries()) {\n if (now > entry.expiresAt) {\n this.cache.delete(key);\n }\n }\n }\n}\n\nexport class RedisAdapter implements DisabledUserAdapter {\n private redis: Redis;\n private cache: TTLCache<DisabledUserRecord | null>;\n private keyPrefix: string;\n\n constructor(config: RedisConfig) {\n this.redis = new Redis({\n url: config.url,\n token: config.token,\n });\n\n this.keyPrefix = config.keyPrefix || \"disabled_user:\";\n const cacheTTL = config.ttl || 30000; // Default 30 seconds\n this.cache = new TTLCache<DisabledUserRecord | null>(cacheTTL);\n\n setInterval(() => this.cache.cleanup(), 5 * 60 * 1000);\n }\n\n getDisabledUser = async (uid: string): Promise<DisabledUserRecord | null> => {\n const cacheKey = `${this.keyPrefix}${uid}`;\n \n authLogger.debug(`RedisAdapter: Checking cache for key: ${cacheKey}`);\n \n // Try to get from cache first\n const cachedResult = this.cache.get(cacheKey);\n authLogger.debug(`RedisAdapter: Cache get result for ${cacheKey}:`, {\n cachedResult: JSON.stringify(cachedResult),\n isUndefined: cachedResult === undefined,\n type: typeof cachedResult\n });\n \n if (cachedResult !== undefined) {\n authLogger.debug(`Cache hit for disabled user: ${uid}`, { \n cacheKey,\n cachedResult: JSON.stringify(cachedResult)\n });\n return cachedResult;\n }\n\n authLogger.debug(\n `Cache miss for disabled user: ${uid}, fetching from Redis with key: ${cacheKey}`\n );\n\n try {\n const disabledUser: DisabledUserRecord | null =\n await this.redis.get(cacheKey);\n\n authLogger.debug(`Redis returned for key ${cacheKey}:`, { \n disabledUser: JSON.stringify(disabledUser),\n type: typeof disabledUser\n });\n\n // Cache the result (including null values to prevent repeated Redis calls)\n this.cache.set(cacheKey, disabledUser);\n \n authLogger.debug(`Cached disabled user result for: ${uid}`, {\n cacheKey,\n isDisabled: !!disabledUser,\n cachedValue: JSON.stringify(disabledUser)\n });\n\n return disabledUser;\n } catch (error) {\n authLogger.error(\"Failed to fetch disabled user from Redis:\", error);\n return null;\n }\n };\n\n invalidateCache(uid: string): void {\n const cacheKey = `${this.keyPrefix}${uid}`;\n this.cache.delete(cacheKey);\n }\n}\n","import { PostgresAdapter } from \"./PostgresAdapter\";\nimport { RedisAdapter } from \"./RedisAdapter\";\nimport type { AdapterConfiguration,DisabledUserAdapter } from \"./types\";\n\nexport function createAdapter(\n config: AdapterConfiguration\n): DisabledUserAdapter {\n switch (config.type) {\n case \"redis\":\n return new RedisAdapter(config.config as any);\n case \"postgres\":\n return new PostgresAdapter(config.config as any);\n default:\n throw new Error(`Unsupported adapter type: ${(config as any).type}`);\n }\n}\n\nexport function validateCheckRevokedOptions(options?: {\n enabled: boolean;\n adapter?: AdapterConfiguration;\n}): { isValid: boolean; error?: string } {\n if (options?.enabled && !options.adapter) {\n return {\n isValid: false,\n error: \"When checkRevoked.enabled is true, an adapter must be provided\",\n };\n }\n return { isValid: true };\n}\n\n\nexport { RedisAdapter } from './RedisAdapter';\nexport { PostgresAdapter } from './PostgresAdapter';\nexport type {\n DisabledUserAdapter,\n DisabledUserRecord,\n AdapterConfig,\n RedisConfig,\n PostgresConfig,\n AdapterType,\n AdapterConfiguration,\n CheckRevokedOptions,\n} from './types';\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA,IAAM,WAAW,CACf,UACA,YACA,mBACG;AACH,MAAI,aAAa,IAAI;AACnB,WAAO,eAAe,WAAW,SAAS,GAAG,gBAAgB,SAAS,CAAC;AAAA,EACzE;AAEA,QAAM,UAAU,IAAI,IAAI,QAAQ;AAChC,QAAM,gBAAgB,iBAAiB,IAAI,IAAI,gBAAgB,OAAO,IAAI;AAC1E,QAAM,MAAM,IAAI,IAAI,YAAY,OAAO;AAEvC,MAAI,eAAe;AACjB,QAAI,aAAa,IAAI,gBAAgB,cAAc,SAAS,CAAC;AAAA,EAC/D;AACA,SAAO,IAAI,SAAS;AACtB;AAEA,IAAM,iBAAiB,CAAC,WAAmB,gBAAyB;AAClE,MAAI;AACJ,MAAI,CAAC,UAAU,WAAW,MAAM,GAAG;AACjC,QAAI,CAAC,eAAe,CAAC,YAAY,WAAW,MAAM,GAAG;AACnD,YAAM,IAAI,MAAM,oEAAoE;AAAA,IACtF;AAEA,UAAM,UAAU,IAAI,IAAI,WAAW;AACnC,UAAM,IAAI,IAAI,WAAW,QAAQ,MAAM;AAAA,EACzC,OAAO;AACL,UAAM,IAAI,IAAI,SAAS;AAAA,EACzB;AAEA,MAAI,aAAa;AACf,QAAI,aAAa,IAAI,gBAAgB,WAAW;AAAA,EAClD;AAEA,SAAO,IAAI,SAAS;AACtB;AAmBO,IAAM,iBAAiC,YAAU;AACtD,QAAM,EAAE,iBAAiB,WAAW,WAAW,QAAQ,IAAI;AAE3D,QAAM,mBAAmB,CAAC,EAAE,cAAc,IAAsB,CAAC,MAAM;AACrE,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,MAAM,2BAA2B;AAAA,IAC7C;AAEA,UAAM,kBAAkB,GAAG,OAAO;AAElC,aAAS,eAAe,QAAkC;AACxD,UAAI,CAAC,QAAQ;AACX;AAAA,MACF;AACA,YAAM,MAAM,IAAI,IAAI,QAAQ,OAAO;AACnC,UAAI,WAAW,GAAG,IAAI,QAAQ;AAC9B,aAAO,IAAI,SAAS;AAAA,IACtB;AAEA,UAAM,YAAY,aAAa,eAAe,SAAS,KAAK;AAE5D,WAAO,gBAAgB,SAAS,SAAS,WAAW,aAAa,CAAC;AAAA,EACpE;AAEA,QAAM,mBAAmB,CAAC,EAAE,cAAc,IAAsB,CAAC,MAAM;AACrE,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,MAAM,2BAA2B;AAAA,IAC7C;AAEA,UAAM,kBAAkB,GAAG,OAAO;AAClC,UAAM,YAAY,aAAa;AAE/B,WAAO,gBAAgB,SAAS,SAAS,WAAW,aAAa,CAAC;AAAA,EACpE;AAEA,SAAO,EAAE,kBAAkB,iBAAiB;AAC9C;;;ACnFO,IAAM,aAAa;AAAA,EACxB,UAAU;AAAA,EACV,WAAW;AACb;AAIO,IAAM,kBAAkB;AAAA,EAC7B,2BAA2B;AAAA,EAC3B,qBAAqB;AAAA,EACrB,qBAAqB;AAAA,EACrB,gCAAgC;AAAA,EAChC,iBAAiB;AAAA,EACjB,4BAA4B;AAAA,EAC5B,4BAA4B;AAAA,EAC5B,iBAAiB;AACnB;AAqDA,SAAS,uBACP,gBACqC;AACrC,SAAO,CAAC,wBAA6B;AACnC,QACE,CAAC,uBACD,OAAO,wBAAwB,YAC/B,MAAM,QAAQ,mBAAmB,GACjC;AACA,aAAO;AAAA,IACT;AACA,UAAM,SAAS;AAEf,WAAO,OAAO,QAAQ,mBAAmB,EAAE,MAAM,CAAC,CAAC,KAAK,KAAK,MAAM;AACjE,YAAM,aAAa,OAAO,GAAG;AAC7B,UAAI,OAAO,eAAe,aAAa;AACrC,eAAO;AAAA,MACT;AACA,UAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,YAAI,MAAM,QAAQ,UAAU,GAAG;AAC7B,iBAAO,MAAM,KAAK,OAAK,WAAW,SAAS,CAAC,CAAC;AAAA,QAC/C;AACA,eAAO,MAAM,SAAS,UAAU;AAAA,MAClC;AAEA,UAAI,MAAM,QAAQ,UAAU,GAAG;AAC7B,eAAO,WAAW,SAAS,KAAK;AAAA,MAClC;AACA,aAAO,eAAe;AAAA,IACxB,CAAC;AAAA,EACH;AACF;AAEO,SAAS,mBACd,cACA,eACoB;AACpB,QAAM,iBAAiB,8BAA8B,aAAa;AAClE,SAAO;AAAA,IACL,eAAe;AAAA,MACb,GAAG;AAAA,IACL;AAAA,IACA,QAAQ,eAAe;AAAA,IACvB,OAAO;AAAA,IACP,SAAS,uBAAuB,cAAc;AAAA,IAC9C,OAAO;AAAA,EACT;AACF;AAEO,SAAS,sBAA2C;AACzD,SAAO;AAAA,IACL,eAAe;AAAA,IACf,QAAQ;AAAA,IACR,OAAO;AAAA,IACP,SAAS,MAAM;AAAA,IACf,OAAO;AAAA,EACT;AACF;AAEO,SAAS,SACd,SACA,eACA,UAAmB,IAAI,QAAQ,GAC/B,OACe;AACf,QAAM,aAAa,mBAAmB,OAAO,aAAa;AAC1D,SAAO;AAAA,IACL,QAAQ,WAAW;AAAA,IACnB,QAAQ;AAAA,IACR,WAAW,QAAQ,aAAa;AAAA,IAChC,WAAW,QAAQ,aAAa;AAAA,IAChC,YAAY;AAAA,IACZ,MAAM,MAAM;AAAA,IACZ;AAAA,IACA;AAAA,EACF;AACF;AAEO,SAAS,UACd,SACA,QACA,UAAU,IACV,UAAmB,IAAI,QAAQ,GACf;AAChB,SAAO,gBAAgB;AAAA,IACrB,QAAQ,WAAW;AAAA,IACnB;AAAA,IACA;AAAA,IACA,WAAW,QAAQ,aAAa;AAAA,IAChC,WAAW,QAAQ,aAAa;AAAA,IAChC,YAAY;AAAA,IACZ,MAAM,MAAM,oBAAoB;AAAA,IAChC,OAAO;AAAA,IACP;AAAA,EACF,CAAC;AACH;AAEA,IAAM,kBAAkB,CAAyB,iBAAuB;AACtE,QAAM,UAAU,IAAI,QAAQ,aAAa,WAAW,CAAC,CAAC;AACtD,MAAI,aAAa,QAAQ;AACvB,QAAI;AACF,cAAQ,IAAI,UAAU,QAAQ,YAAY,aAAa,MAAM;AAAA,IAC/D,QAAQ;AAAA,IAER;AAAA,EACF;AAEA,MAAI,aAAa,QAAQ;AACvB,QAAI;AACF,cAAQ,IAAI,UAAU,QAAQ,YAAY,aAAa,MAAM;AAAA,IAC/D,QAAQ;AAAA,IAER;AAAA,EACF;AACA,eAAa,UAAU;AACvB,SAAO;AACT;;;AChMO,IAAe,cAAf,MAA2B;AAAA,EAChC,YAAsB,SAA0B;AAA1B;AAAA,EAA2B;AAAA,EAEvC,cAAc,QAAgB;AACtC,QAAI,CAAC,QAAQ;AACX,YAAM,IAAI,MAAM,8BAA8B;AAAA,IAChD;AAAA,EACF;AACF;;;ACGO,IAAM,WAAN,cAAuB,YAAY;AAAA,EACxC,MAAa,wBAAwB,QAAgB,QAAqC;AACxF,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,GAAG,WAAW,IAAI;AAC1B,WAAO,KAAK,QAAQ;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,YAAY;AAAA,IACd,CAAC;AAAA,EACH;AAAA,EAEA,MAAa,yBAAyB,QAAgB,QAAwC;AAC5F,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,GAAG,WAAW,IAAI;AAC1B,WAAO,KAAK,QAAQ;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,YAAY;AAAA,IACd,CAAC;AAAA,EACH;AACF;;;ACfO,IAAM,cAAN,cAA0B,YAAY;AAAA,EAC3C,MAAa,wBAAwB,QAAgB,QAAuC;AAC1F,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,GAAG,WAAW,IAAI;AAC1B,WAAO,KAAK,QAAQ;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,YAAY;AAAA,IACd,CAAC;AAAA,EACH;AAAA,EAEA,MAAa,qBAAqB,QAAgB,QAAoC;AACpF,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,GAAG,WAAW,IAAI;AAC1B,WAAO,KAAK,QAAQ;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,YAAY;AAAA,IACd,CAAC;AAAA,EACH;AAAA,EAEE,MAAa,eAAe,QAAgB,QAA8B;AAC1E,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,GAAG,WAAW,IAAI;AAC1B,WAAO,KAAK,QAAQ;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,YAAY;AAAA,IACd,CAAC;AAAA,EACH;AACF;;;ACvCO,IAAM,iBAAN,cAA6B,YAAY;AAAA,EAC9C,MAAa,kBACX,QACA,QAC6B;AAC7B,QAAI;AACF,WAAK,cAAc,MAAM;AACzB,YAAM,EAAE,GAAG,WAAW,IAAI;AAE1B,YAAM,WAAW,MAAM,KAAK,QAA4B;AAAA,QACtD,UAAU;AAAA,QACV,QAAQ;AAAA,QACR,YAAY;AAAA,MACd,CAAC;AAED,UAAI,SAAS,QAAQ;AACnB,cAAM,eAAe,SAAS,OAAO,CAAC,GAAG,WAAW;AACpD,cAAM,IAAI,MAAM,YAAY;AAAA,MAC9B;AAEA,aAAO,SAAS;AAAA,IAClB,SAAS,OAAO;AACd,YAAM,oBAAoB,kCAAkC,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AACpH,YAAM,IAAI,MAAM,iBAAiB;AAAA,IACnC;AAAA,EACF;AACF;;;ACzBO,IAAM,YAAN,cAAwB,YAAY;AAAA,EACzC,MAAa,kBAAkB,QAAgB,QAAiC;AAC9E,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,GAAG,WAAW,IAAI;AAC1B,WAAO,KAAK,QAAQ;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,YAAY;AAAA,IACd,CAAC;AAAA,EACH;AAEF;;;ACCO,IAAM,WAAN,cAAuB,YAAY;AAAA,EACxC,MAAa,aAAa,QAAgB,QAA4B;AACpE,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,eAAe,gBAAgB,GAAG,WAAW,IAAI;AAEzD,UAAM,UAAkC,CAAC;AACzC,QAAI,gBAAgB;AAClB,cAAQ,SAAS,IAAI;AAAA,IACvB;AAEA,UAAM,aAAa;AAAA,MACjB,YAAY;AAAA,MACZ;AAAA,MACA,GAAG;AAAA,IACL;AAEA,WAAO,KAAK,QAAQ;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,MACA,cAAc;AAAA,IAChB,CAAC;AAAA,EACH;AAAA,EAEA,MAAa,oCACX,QACA,QACA,SACA;AACA,SAAK,cAAc,MAAM;AAEzB,UAAM,UAAkC,CAAC;AACzC,QAAI,SAAS,SAAS;AACpB,cAAQ,SAAS,IAAI,QAAQ;AAAA,IAC/B;AAEA,WAAO,KAAK,QAA4B;AAAA,MACtC,UAAU;AAAA,MACV,QAAQ;AAAA,MACR;AAAA,MACA,YAAY;AAAA,MACZ,cAAc;AAAA,IAChB,CAAC;AAAA,EACH;AACF;;;ACvDO,IAAM,WAAN,cAAuB,YAAY;AAAA,EACtC,MAAa,YAAY,QAAgB,QAAwB,SAA2B;AAC5F,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,GAAG,WAAW,IAAI;AAE1B,UAAM,UAAkC,CAAC;AACzC,QAAI,SAAS,SAAS;AACpB,cAAQ,SAAS,IAAI,QAAQ;AAAA,IAC/B;AACA,WAAO,KAAK,QAAc;AAAA,MACxB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR;AAAA,MACA,YAAY;AAAA,MACZ,cAAc;AAAA,IAChB,CAAC;AAAA,EACH;AACF;;;ACdA,SAAS,aAAa,cAAc;AAmBpC,IAAM,cAAc,MAAM,KAAK,UAAU;AAElC,IAAM,UAAmB;AAAA,EAC9B;AAAA,EACA,IAAI,QAAQ;AAEV,WAAO,QAAQ,IAAI,aAAa,SAAS,QAAQ;AAAA,EACnD;AAAA,EACA,iBAAiB,WAAW;AAAA,EAC5B,MAAM,WAAW;AAAA,EACjB,UAAU,WAAW;AAAA,EACrB,SAAS,WAAW;AAAA,EACpB,SAAS,WAAW;AAAA,EACpB,UAAU,WAAW;AACvB;;;AChDO,IAAM,8BAA8B,QAAQ,IAAI;AAEhD,SAAS,eAAmC;AACjD,MAAI,OAAO,YAAY,YAAa,QAAO;AAC3C,SAAO;AACT;AAEO,SAAS,cAAuB;AACrC,SAAO,CAAC,CAAC,aAAa;AACxB;;;ACHO,IAAM,iBAAiB,CAAC,WAAmB;AAChD,SAAO,iEAAiE,MAAM;AAChF;AAEO,IAAM,0BAA0B,CAAC,WAAmB;AACzD,SAAO,mDAAmD,MAAM;AAClE;AAEO,IAAM,qBAAqB,CAAC,WAAmB;AACpD,SAAO,6EAA6E,MAAM;AAC5F;AAEO,IAAM,iBAAiB,CAAC,WAAmB;AAChD,SAAO,iEAAiE,MAAM;AAChF;AAEO,IAAM,yBAAyB,CAAC,WAAmB;AACxD,MAAI,YAAY,KAAK,6BAA6B;AAChD,QAAI,WAAW;AACf,QAAI,4BAA4B,WAAW,SAAS,GAAG;AACrD,iBAAW;AAAA,IACb;AAEA,WAAO,GAAG,QAAQ,GAAG,2BAA2B,yEAAyE,MAAM;AAAA,EACjI;AACA,SAAO,gFAAgF,MAAM;AAC/F;AAEO,IAAM,wBAAwB,CAAC,WAAmB;AACvD,SAAO,wEAAwE,MAAM;AACvF;;;ACuBA,IAAM,wBAA8E;AAAA,EAClF,cAAc;AAAA,EACd;AAAA,EACA,QAAQ;AAAA,EACR,uBAAuB;AAAA,EACvB,eAAe;AAAA,EACf,aAAa;AAAA,EACb,QAAQ;AACV;AAGO,SAAS,cAAc,SAA+B;AAC3D,QAAM,YAAY,OAChB,mBACmC;AACnC,UAAM,EAAE,UAAU,QAAQ,QAAQ,aAAa,cAAc,YAAY,SAAS,IAChF;AAGF,QAAI,CAAC,QAAQ;AACX,aAAO;AAAA,QACL,MAAM;AAAA,QACN,QAAQ;AAAA,UACN;AAAA,YACE,QAAQ;AAAA,YACR,QAAQ;AAAA,YACR,SAAS;AAAA,YACT,MAAM;AAAA,UACR;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,UAAM,cAAc,sBAAsB,QAAQ,EAAE,MAAM;AAC1D,UAAM,WAAW,IAAI,IAAI,WAAW;AAEpC,QAAI,aAAa;AACf,aAAO,QAAQ,WAAW,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AACpD,YAAI,OAAO;AACT,WAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,OAAK,SAAS,aAAa,OAAO,KAAK,CAAW,CAAC;AAAA,QAC5E;AAAA,MACF,CAAC;AAAA,IACH;AAEA,UAAM,UAA+B;AAAA,MACnC,GAAG;AAAA,IACL;AACA,QAAI;AAEJ,QAAI;AACF,UAAI,UAAU;AACZ,cAAM,MAAM,QAAQ,MAAM,SAAS,MAAM;AAAA,UACvC;AAAA,UACA;AAAA,UACA,MAAM;AAAA,QACR,CAAC;AAAA,MACH,OAAO;AACL,gBAAQ,cAAc,IAAI;AAC1B,cAAM,UACJ,WAAW,SAAS,cAAc,OAAO,KAAK,UAAU,EAAE,SAAS;AACrE,cAAM,OAAO,UAAU,EAAE,MAAM,KAAK,UAAU,UAAU,EAAE,IAAI;AAE9D,cAAM,MAAM,QAAQ,MAAM,SAAS,MAAM;AAAA,UACvC;AAAA,UACA;AAAA,UACA,GAAG;AAAA,QACL,CAAC;AAAA,MACH;AAEA,YAAM,iBACJ,KAAK,WACL,IAAI,SAAS,IAAI,UAAU,QAAQ,WAAW,MAC5C,UAAU,aAAa;AAC3B,YAAM,eAAe,OAAO,iBAAiB,IAAI,KAAK,IAAI,IAAI,KAAK;AAGnE,UAAI,CAAC,IAAI,IAAI;AACX,eAAO;AAAA,UACL,MAAM;AAAA,UACN,QAAQ,YAAY,YAAY;AAAA,UAChC,QAAQ,KAAK;AAAA,UACb,YAAY,KAAK;AAAA,QACnB;AAAA,MACF;AAEA,aAAO;AAAA,QACL,MAAM;AAAA,QACN,QAAQ;AAAA,MACV;AAAA,IACF,SAAS,OAAO;AACd,UAAI,iBAAiB,OAAO;AAC1B,eAAO;AAAA,UACL,MAAM;AAAA,UACN,QAAQ;AAAA,YACN;AAAA,cACE,QAAQ;AAAA,cACR,QAAQ;AAAA,cACR,SAAS,MAAM,WAAW;AAAA,cAC1B,MAAM;AAAA,YACR;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAEA,aAAO;AAAA,QACL,MAAM;AAAA,QACN,QAAQ,YAAY,KAAK;AAAA,QACzB,QAAQ,KAAK;AAAA,QACb,YAAY,KAAK;AAAA,MACnB;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAEA,SAAS,YAAY,MAA0C;AAC7D,MAAI,aAAa;AACjB,MAAI,OAAO,SAAS,UAAU;AAC5B,QAAI;AACF,mBAAa,KAAK,MAAM,IAAI;AAAA,IAC9B,SAAS,OAAO;AACd,aAAO,CAAC;AAAA,IACV;AAAA,EACF;AAEA,MAAI,CAAC,cAAc,OAAO,eAAe,UAAU;AACjD,WAAO,CAAC;AAAA,EACV;AAEA,MAAI,WAAW,cAAc,OAAO,WAAW,UAAU,YAAY,WAAW,UAAU,MAAM;AAC9F,UAAM,WAAW,WAAW;AAE5B,QAAI,YAAY,YAAY,MAAM,QAAQ,SAAS,MAAM,KAAK,SAAS,OAAO,SAAS,GAAG;AACxF,aAAO,SAAS,OAAO,IAAI,CAAC,QAAa,WAAW;AAAA,QAClD,MAAM,SAAS,QAAQ;AAAA,QACvB,SAAS,IAAI,WAAW;AAAA,QACxB,QAAQ,IAAI;AAAA,QACZ,QAAQ,IAAI;AAAA,MACd,CAAC,CAAC;AAAA,IACJ;AAGA,WAAO,CAAC,WAAW;AAAA,MACjB,MAAM,SAAS,MAAM,SAAS,KAAK;AAAA,MACnC,SAAS,SAAS,WAAW;AAAA,MAC7B,QAAQ,SAAS,UAAU;AAAA,MAC3B,QAAQ,SAAS,UAAU,SAAS,MAAM,SAAS,KAAK;AAAA,IAC1D,CAAC,CAAC;AAAA,EACJ;AAEA,SAAO,CAAC;AACV;AAEO,SAAS,WAAW,OAA6D;AACtF,SAAO;AAAA,IACL,QAAQ,MAAM;AAAA,IACd,QAAQ,MAAM;AAAA,IACd,SAAS,MAAM;AAAA,IACf,MAAM,MAAM;AAAA,EACd;AACF;;;ACrNO,SAAS,cAAc,SAA+B;AAC3D,QAAM,UAAU,cAAc,OAAO;AACrC,SAAO;AAAA,IACL,OAAO,IAAI,SAAS,OAAO;AAAA,IAC3B,UAAU,IAAI,YAAY,OAAO;AAAA,IACjC,QAAQ,IAAI,eAAe,OAAO;AAAA,IAClC,QAAQ,IAAI,UAAU,OAAO;AAAA,IAC7B,QAAQ,IAAI,SAAS,OAAO;AAAA,IAC5B,UAAU,IAAI,SAAS,OAAO;AAAA,EAChC;AACF;;;ACVA,IAAM,iBAAmC;AAAA,EACvC,QAAQ;AAAA,EACR,QAAQ;AAAA,EACR,YAAY;AACd;AAEO,SAAS,uBACd,cAAgC,CAAC,GACf;AAClB,SAAO;AAAA,IACL,GAAG;AAAA,IACH,GAAG;AAAA,EACL;AACF;;;ACsBA,IAAM,0BAAN,MAAiE;AAAA,EACxD,YACG,mBACA,SACR;AAFQ;AACA;AAER,SAAK,iBAAiB;AACtB,SAAK,iBAAiB;AACtB,SAAK,cAAc;AACnB,WAAO,OAAO,MAAM,OAAO;AAC3B,SAAK,UAAU,KAAK,kBAAkB;AAAA,EACxC;AAAA,EAEA,IAAW,UAA6B;AACtC,WAAO,KAAK;AAAA,EACd;AAAA,EAEQ,mBAAmB;AACzB,SAAK,uBAAuB,KAAK;AAAA,MAC/B,KAAK,UAAU,UAAU,QAAQ,aAAa;AAAA,IAChD;AACA,SAAK,SAAS,KAAK,UAAU,UAAU,QAAQ,MAAM;AACrD,SAAK,OAAO,KAAK,UAAU,UAAU,QAAQ,IAAI;AACjD,SAAK,gBAAgB,KAAK,UAAU,UAAU,QAAQ,aAAa;AACnE,SAAK,iBACH,KAAK,UAAU,UAAU,QAAQ,wBAAwB,KACzD,KAAK,UAAU,UAAU,QAAQ,cAAc;AACjD,SAAK,WAAW,KAAK,UAAU,UAAU,QAAQ,QAAQ;AACzD,SAAK,YAAY,KAAK,UAAU,UAAU,QAAQ,SAAS;AAC3D,SAAK,eAAe,KAAK,UAAU,UAAU,QAAQ,YAAY;AACjE,SAAK,SAAS,KAAK,UAAU,UAAU,QAAQ,MAAM;AAAA,EACvD;AAAA,EAEQ,mBAAmB;AACzB,UAAM,eAAe,QAAQ,IAAI,aAAa;AAC9C,UAAM,gBAAgB,eAAe,YAAY;AACjD,SAAK,uBAAuB,KAAK,UAAU,UAAU,QAAQ,OAAO;AAGpE,SAAK,kBAAkB,KAAK,UAAU,GAAG,aAAa,GAAG,UAAU,QAAQ,OAAO,EAAE;AACpF,SAAK,uBAAuB,KAAK,UAAU,GAAG,aAAa,GAAG,UAAU,QAAQ,OAAO,EAAE;AACzF,SAAK,oBAAoB,KAAK,UAAU,UAAU,QAAQ,SAAS;AACnE,SAAK,sBAAsB,KAAK,UAAU,UAAU,QAAQ,MAAM;AAAA,EACpE;AAAA,EAEQ,gBAAgB;AACtB,SAAK,SAAS,KAAK,kBAAkB;AACrC,SAAK,eAAe,KAAK,kBAAkB,QAAQ,SAAS,MAAM,GAAG,EAAE,OAAO,OAAO;AACrF,SAAK,WAAW,KAAK,aAAa,CAAC;AACnC,SAAK,cAAc,KAAK,aAAa,CAAC;AAAA,EACxC;AAAA,EAEQ,UAAU,MAAc;AAC9B,WAAO,KAAK,kBAAkB,QAAQ,IAAI,IAAI,KAAK;AAAA,EACrD;AAAA,EAEQ,UAAU,MAAc;AAC9B,WAAO,KAAK,kBAAkB,QAAQ,IAAI,IAAI,KAAK;AAAA,EACrD;AAAA,EAEQ,yBACN,qBACoB;AACpB,QAAI,CAAC,qBAAqB;AACxB,aAAO;AAAA,IACT;AAEA,UAAM,CAAC,QAAQ,KAAK,IAAI,oBAAoB,MAAM,KAAK,CAAC;AAExD,QAAI,CAAC,OAAO;AAEV,aAAO;AAAA,IACT;AAEA,QAAI,WAAW,UAAU;AACvB,aAAO;AAAA,IACT;AAGA,WAAO;AAAA,EACT;AACF;AAIO,IAAM,yBAAyB,CACpC,mBACA,YAC4B;AAC5B,SAAO,IAAI,wBAAwB,mBAAmB,OAAO;AAC/D;;;AClIA,SAAS,iBAAiB,0BAA0B,uBAAuB;;;ACkB3E,SAAS,uBAAuB,SAA2B;AACzD,SAAO,QAAQ,QAAQ,IAAI,eAAe;AAC5C;AAEA,SAAS,oBACP,OACA,SACA,SACA;AACA,SACE,MAAM,WAAW,6BAA6B,gBAC9C,CAAC,CAAC,QAAQ,wBACV,QAAQ,WAAW;AAEvB;AAEA,eAAsB,oBACpB,SACA,SACuB;AACvB,QAAM,UAAU,uBAAuB,wBAAwB,OAAO,GAAG,OAAO;AAChF,QAAM,EAAE,qBAAqB,IAAI;AAEjC,QAAM,EAAE,sBAAsB,IAAI,QAAQ,OAAO;AAEjD,iBAAe,eAAe;AAC5B,QAAI,CAAC,sBAAsB;AACzB,aAAO;AAAA,QACL,MAAM;AAAA,QACN,OAAO;AAAA,UACL,SAAS;AAAA,UACT,QAAQ,gBAAgB;AAAA,QAC1B;AAAA,MACF;AAAA,IACF;AACA,WAAO,MAAM,sBAAsB,sBAAsB;AAAA,MACvD,SAAS,QAAQ,QAAQ;AAAA,IAC3B,CAAC;AAAA,EACH;AAEA,iBAAe,gBAGb;AACA,UAAM,EAAE,MAAM,eAAe,MAAM,IAAI,MAAM,aAAa;AAC1D,QAAI,CAAC,eAAe;AAClB,aAAO,EAAE,MAAM,MAAM,MAAM;AAAA,IAC7B;AAEA,UAAM,UAAU,IAAI,QAAQ;AAC5B,UAAM,EAAE,QAAQ,IAAI;AAEpB,UAAM,SAAS;AACf,UAAM,eAAe,gBAAgB;AACrC,UAAM,oBAAoB,yBAAyB,UAAU,QAAQ,SAAS,YAAY;AAC1F,UAAM,uBAAuB;AAE7B,UAAM,gBAAgB,GAAG,iBAAiB,IAAI,OAAO,KAAK,oBAAoB;AAC9E,YAAQ,OAAO,cAAc,aAAa;AAE1C,UAAM,EAAE,MAAM,SAAS,OAAO,IAAI,MAAM,YAAY,SAAS,OAAO;AACpE,QAAI,QAAQ;AACV,aAAO;AAAA,QACL,MAAM;AAAA,QACN,OAAO,SAAS,OAAO,CAAC,IAAI,IAAI,MAAM,kCAAkC;AAAA,MAC1E;AAAA,IACF;AACA,WAAO,EAAE,MAAM,EAAE,SAAS,OAAO,SAAS,QAAQ,GAAG,OAAO,KAAK;AAAA,EACnE;AAEA,iBAAe,uCAAuC;AACpD,QAAI;AAEF,YAAM,EAAE,MAAM,OAAO,IAAI,MAAM,YAAY,QAAQ,iBAAkB,OAAO;AAE5E,UAAI,QAAQ;AACV,cAAM,OAAO,CAAC;AAAA,MAChB;AAGA,YAAM,uBAAuB,SAAS,SAAS,MAAM,QAAW,QAAQ,eAAgB;AACxF,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,aAAO,YAAY,KAAK,QAAQ;AAAA,IAClC;AAAA,EACF;AAEA,iBAAe,uCAAuC;AACpD,UAAM,EAAE,qBAAqB,IAAI;AACjC,QAAI;AAEF,YAAM,EAAE,MAAM,OAAO,IAAI,MAAM,YAAY,sBAAuB,OAAO;AAEzE,UAAI,QAAQ;AACV,cAAM,OAAO,CAAC;AAAA,MAChB;AAGA,YAAM,uBAAuB,SAAS,SAAS,MAAM,QAAW,oBAAqB;AACrF,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,aAAO,YAAY,KAAK,QAAQ;AAAA,IAClC;AAAA,EACF;AAEA,iBAAe,YACb,KACA,cACyC;AACzC,QAAI,EAAE,eAAe,yBAAyB;AAC5C,aAAO,UAAU,SAAS,gBAAgB,eAAe;AAAA,IAC3D;AAEA,QAAI;AACJ,QAAI,oBAAoB,KAAK,SAAS,OAAO,GAAG;AAC9C,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,cAAc;AAC5C,UAAI,MAAM;AACR,eAAO,SAAS,SAAS,KAAK,SAAS,KAAK,SAAS,KAAK,KAAK;AAAA,MACjE;AAEA,UAAI,OAAO,OAAO,QAAQ;AACxB,uBAAe,MAAM,MAAM;AAAA,MAC7B;AAAA,IACF,OAAO;AACL,UAAI,QAAQ,WAAW,OAAO;AAC5B,uBAAe,wBAAwB;AAAA,MACzC,WAAW,CAAC,QAAQ,sBAAsB;AACxC,uBAAe,wBAAwB;AAAA,MACzC,OAAO;AACL,uBAAe;AAAA,MACjB;AAAA,IACF;AAEA,QAAI,eAAe;AAEnB,WAAO,UAAU,SAAS,IAAI,QAAQ,IAAI,eAAe,CAAC;AAAA,EAC5D;AAEA,MAAI,uBAAuB,OAAO,GAAG;AACnC,WAAO,qCAAqC;AAAA,EAC9C;AAEA,SAAO,qCAAqC;AAC9C;;;AChJO,SAAS,0BAA0B,QAA0C;AAClF,QAAM,mBAAmB,uBAAuB,OAAO,OAAO;AAC9D,QAAM,YAAY,OAAO;AAEzB,QAAM,4BAA4B,CAAC,SAAkB,UAA0B,CAAC,MAAM;AACpF,UAAM,EAAE,OAAO,IAAI;AACnB,WAAO,oBAAoB,SAAS,EAAE,GAAG,SAAS,QAAQ,UAAU,CAAC;AAAA,EACvE;AAEA,SAAO;AAAA,IACL,qBAAqB;AAAA,EACvB;AACF;;;ACXO,SAAS,4BAA4B,SAA4D;AACtG,QAAM,OAAO,EAAE,GAAG,QAAQ;AAC1B,QAAM,YAAY,cAAc,IAAI;AACpC,QAAM,eAAe,0BAA0B,EAAC,SAAS,MAAM,UAAS,CAAC;AAEzE,SAAO;AAAA,IACL,GAAG;AAAA,IACH,GAAG;AAAA,EACL;AACF;;;AC3BO,IAAK,WAAL,kBAAKA,cAAL;AACL,EAAAA,oBAAA,WAAQ,KAAR;AACA,EAAAA,oBAAA,UAAO,KAAP;AACA,EAAAA,oBAAA,UAAO,KAAP;AACA,EAAAA,oBAAA,WAAQ,KAAR;AAJU,SAAAA;AAAA,GAAA;AAaL,IAAM,SAAN,MAAa;AAAA,EACV;AAAA,EAER,YAAY,UAAkC,CAAC,GAAG;AAChD,SAAK,UAAU;AAAA,MACb,SAAS;AAAA,MACT,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,GAAG;AAAA,IACL;AAAA,EACF;AAAA,EAEA,SAAe;AACb,SAAK,QAAQ,UAAU;AAAA,EACzB;AAAA,EAEA,UAAgB;AACd,SAAK,QAAQ,UAAU;AAAA,EACzB;AAAA,EAEA,SAAS,OAAuB;AAC9B,SAAK,QAAQ,QAAQ;AAAA,EACvB;AAAA,EAEA,UAAU,QAAsB;AAC9B,SAAK,QAAQ,SAAS;AAAA,EACxB;AAAA,EAEQ,IAAI,OAAiB,WAAmB,YAAoB,MAAmB;AACrF,QAAI,CAAC,KAAK,QAAQ,WAAW,QAAQ,KAAK,QAAQ,OAAO;AACvD;AAAA,IACF;AAEA,UAAM,aAAY,oBAAI,KAAK,GAAE,YAAY;AACzC,UAAM,mBAAmB,GAAG,SAAS,IAAI,KAAK,QAAQ,MAAM,KAAK,SAAS,KAAK,OAAO;AAEtF,YAAQ,OAAO;AAAA,MACb,KAAK;AACH,gBAAQ,MAAM,kBAAkB,GAAG,IAAI;AACvC;AAAA,MACF,KAAK;AACH,gBAAQ,KAAK,kBAAkB,GAAG,IAAI;AACtC;AAAA,MACF,KAAK;AACH,gBAAQ,KAAK,kBAAkB,GAAG,IAAI;AACtC;AAAA,MACF,KAAK;AACH,gBAAQ,MAAM,kBAAkB,GAAG,IAAI;AACvC;AAAA,IACJ;AAAA,EACF;AAAA,EAEA,MAAM,YAAoB,MAAmB;AAC3C,SAAK,IAAI,eAAgB,SAAS,SAAS,GAAG,IAAI;AAAA,EACpD;AAAA,EAEA,KAAK,YAAoB,MAAmB;AAC1C,SAAK,IAAI,cAAe,QAAQ,SAAS,GAAG,IAAI;AAAA,EAClD;AAAA,EAEA,KAAK,YAAoB,MAAmB;AAC1C,SAAK,IAAI,cAAe,QAAQ,SAAS,GAAG,IAAI;AAAA,EAClD;AAAA,EAEA,MAAM,YAAoB,MAAmB;AAC3C,SAAK,IAAI,eAAgB,SAAS,SAAS,GAAG,IAAI;AAAA,EACpD;AACF;AAEO,IAAM,eAAe,CAAC,YAA6C;AACxE,SAAO,IAAI,OAAO,OAAO;AAC3B;AAEO,IAAM,cAAc,aAAa,EAAE,QAAQ,qBAAqB,CAAC;AACjE,IAAM,aAAa,aAAa,EAAE,QAAQ,oBAAoB,CAAC;;;ACrF/D,SAAS,qBAA2B;AACzC,aAAW,OAAO;AAClB,aAAW,sBAAuB;AAElC,cAAY,OAAO;AACnB,cAAY,sBAAuB;AACrC;AAEO,SAAS,sBAA4B;AAC1C,aAAW,QAAQ;AACnB,cAAY,QAAQ;AACtB;AAEO,SAAS,YAAY,OAAuB;AACjD,aAAW,SAAS,KAAK;AACzB,cAAY,SAAS,KAAK;AAC5B;;;ACfO,IAAM,kBAAN,MAAqD;AAAA,EAClD;AAAA,EACA;AAAA,EAER,YAAY,QAAwB;AAClC,SAAK,SAAS;AACd,SAAK,YAAY,OAAO,SAAS;AAAA,EACnC;AAAA,EAEA,kBAAkB,OAAM,QAAoD;AAC1E,QAAI;AAGF,YAAM,WAAW,MAAM,MAAM,KAAK,OAAO,KAAK;AAAA,QAC5C,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,UAChB,iBAAiB,UAAU,KAAK,OAAO,KAAK;AAAA,QAC9C;AAAA,QACA,MAAM,KAAK,UAAU;AAAA,UACnB,OAAO,2DAA2D,KAAK,SAAS;AAAA,UAChF,QAAQ,CAAC,GAAG;AAAA,QACd,CAAC;AAAA,MACH,CAAC;AAED,UAAI,CAAC,SAAS,IAAI;AAChB,cAAM,IAAI,MAAM,uBAAuB,SAAS,MAAM,EAAE;AAAA,MAC1D;AAEA,YAAM,SAAS,MAAM,SAAS,KAAK;AAEnC,UAAI,OAAO,QAAQ,OAAO,KAAK,SAAS,GAAG;AACzC,cAAM,MAAM,OAAO,KAAK,CAAC;AACzB,cAAM,eAAmC;AAAA,UACvC,KAAK,IAAI;AAAA,UACT,OAAO,IAAI;AAAA,UACX,cAAc,IAAI;AAAA,QACpB;AAEA,mBAAW,MAAM,wBAAwB,GAAG,EAAE;AAC9C,eAAO;AAAA,MACT;AAEA,iBAAW,MAAM,2BAA2B,GAAG,EAAE;AACjD,aAAO;AAAA,IACT,SAAS,OAAO;AACd,iBAAW,MAAM,gDAAgD,KAAK;AACtE,aAAO;AAAA,IACT;AAAA,EACF;AACF;;;ACrDA,SAAS,aAAa;AActB,IAAM,WAAN,MAAkB;AAAA,EACR,QAAQ,oBAAI,IAA2B;AAAA,EAC9B;AAAA,EAEjB,YAAY,eAAuB,KAAO;AACxC,SAAK,aAAa;AAAA,EACpB;AAAA,EAEA,IAAI,KAAa,OAAU,OAAsB;AAC/C,UAAM,YAAY,KAAK,IAAI,KAAK,SAAS,KAAK;AAC9C,SAAK,MAAM,IAAI,KAAK,EAAE,OAAO,UAAU,CAAC;AACxC,YAAQ,IAAI,qBAAqB,GAAG,WAAW,KAAK,UAAU,KAAK,CAAC,eAAe,SAAS,eAAe,KAAK,MAAM,IAAI,EAAE;AAAA,EAC9H;AAAA,EAEQ,SAAS,KAAwC;AACvD,UAAM,QAAQ,KAAK,MAAM,IAAI,GAAG;AAChC,QAAI,CAAC,MAAO,QAAO;AAEnB,UAAM,MAAM,KAAK,IAAI;AACrB,QAAI,MAAM,MAAM,WAAW;AACzB,cAAQ,IAAI,iBAAiB,GAAG,iBAAiB,GAAG,eAAe,MAAM,SAAS,GAAG;AACrF,WAAK,MAAM,OAAO,GAAG;AACrB,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,IAAI,KAA4B;AAC9B,UAAM,QAAQ,KAAK,SAAS,GAAG;AAC/B,UAAM,WAAW,UAAU;AAC3B,UAAM,cAAc,KAAK,MAAM,IAAI,GAAG;AACtC,UAAM,WAAW,KAAK,MAAM,IAAI,GAAG;AAEnC,YAAQ,IAAI,qBAAqB,GAAG,cAAc,QAAQ,iBAAiB,WAAW,EAAE;AACxF,YAAQ,IAAI,0BAA0B,KAAK,UAAU,QAAQ,CAAC,WAAW,KAAK,UAAU,KAAK,CAAC,EAAE;AAEhG,QAAI,CAAC,OAAO;AACV,cAAQ,IAAI,wCAAwC,GAAG,uBAAuB;AAC9E,aAAO;AAAA,IACT;AAEA,YAAQ,IAAI,iCAAiC,KAAK,UAAU,MAAM,KAAK,CAAC,YAAY,GAAG,EAAE;AACzF,WAAO,MAAM;AAAA,EACf;AAAA,EAGA,OAAO,KAAsB;AAC3B,WAAO,KAAK,MAAM,OAAO,GAAG;AAAA,EAC9B;AAAA,EAEA,QAAc;AACZ,SAAK,MAAM,MAAM;AAAA,EACnB;AAAA,EAEA,UAAgB;AACd,UAAM,MAAM,KAAK,IAAI;AACrB,eAAW,CAAC,KAAK,KAAK,KAAK,KAAK,MAAM,QAAQ,GAAG;AAC/C,UAAI,MAAM,MAAM,WAAW;AACzB,aAAK,MAAM,OAAO,GAAG;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AACF;AAEO,IAAM,eAAN,MAAkD;AAAA,EAC/C;AAAA,EACA;AAAA,EACA;AAAA,EAER,YAAY,QAAqB;AAC/B,SAAK,QAAQ,IAAI,MAAM;AAAA,MACrB,KAAK,OAAO;AAAA,MACZ,OAAO,OAAO;AAAA,IAChB,CAAC;AAED,SAAK,YAAY,OAAO,aAAa;AACrC,UAAM,WAAW,OAAO,OAAO;AAC/B,SAAK,QAAQ,IAAI,SAAoC,QAAQ;AAE7D,gBAAY,MAAM,KAAK,MAAM,QAAQ,GAAG,IAAI,KAAK,GAAI;AAAA,EACvD;AAAA,EAEA,kBAAkB,OAAO,QAAoD;AAC3E,UAAM,WAAW,GAAG,KAAK,SAAS,GAAG,GAAG;AAExC,eAAW,MAAM,yCAAyC,QAAQ,EAAE;AAGpE,UAAM,eAAe,KAAK,MAAM,IAAI,QAAQ;AAC5C,eAAW,MAAM,sCAAsC,QAAQ,KAAK;AAAA,MAClE,cAAc,KAAK,UAAU,YAAY;AAAA,MACzC,aAAa,iBAAiB;AAAA,MAC9B,MAAM,OAAO;AAAA,IACf,CAAC;AAED,QAAI,iBAAiB,QAAW;AAC9B,iBAAW,MAAM,gCAAgC,GAAG,IAAI;AAAA,QACtD;AAAA,QACA,cAAc,KAAK,UAAU,YAAY;AAAA,MAC3C,CAAC;AACD,aAAO;AAAA,IACT;AAEA,eAAW;AAAA,MACT,iCAAiC,GAAG,mCAAmC,QAAQ;AAAA,IACjF;AAEA,QAAI;AACF,YAAM,eACJ,MAAM,KAAK,MAAM,IAAI,QAAQ;AAE/B,iBAAW,MAAM,0BAA0B,QAAQ,KAAK;AAAA,QACtD,cAAc,KAAK,UAAU,YAAY;AAAA,QACzC,MAAM,OAAO;AAAA,MACf,CAAC;AAGD,WAAK,MAAM,IAAI,UAAU,YAAY;AAErC,iBAAW,MAAM,oCAAoC,GAAG,IAAI;AAAA,QAC1D;AAAA,QACA,YAAY,CAAC,CAAC;AAAA,QACd,aAAa,KAAK,UAAU,YAAY;AAAA,MAC1C,CAAC;AAED,aAAO;AAAA,IACT,SAAS,OAAO;AACd,iBAAW,MAAM,6CAA6C,KAAK;AACnE,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,gBAAgB,KAAmB;AACjC,UAAM,WAAW,GAAG,KAAK,SAAS,GAAG,GAAG;AACxC,SAAK,MAAM,OAAO,QAAQ;AAAA,EAC5B;AACF;;;ACnJO,SAAS,cACd,QACqB;AACrB,UAAQ,OAAO,MAAM;AAAA,IACnB,KAAK;AACH,aAAO,IAAI,aAAa,OAAO,MAAa;AAAA,IAC9C,KAAK;AACH,aAAO,IAAI,gBAAgB,OAAO,MAAa;AAAA,IACjD;AACE,YAAM,IAAI,MAAM,6BAA8B,OAAe,IAAI,EAAE;AAAA,EACvE;AACF;AAEO,SAAS,4BAA4B,SAGH;AACvC,MAAI,SAAS,WAAW,CAAC,QAAQ,SAAS;AACxC,WAAO;AAAA,MACL,SAAS;AAAA,MACT,OAAO;AAAA,IACT;AAAA,EACF;AACA,SAAO,EAAE,SAAS,KAAK;AACzB;","names":["LogLevel"]}
1
+ {"version":3,"sources":["../src/createRedirect.ts","../src/tokens/authstate.ts","../src/fireRestApi/endpoints/AbstractApi.ts","../src/fireRestApi/endpoints/EmailApi.ts","../src/fireRestApi/endpoints/PasswordApi.ts","../src/fireRestApi/endpoints/SignInTokenApi.ts","../src/fireRestApi/endpoints/SignUpApi.ts","../src/fireRestApi/endpoints/TokenApi.ts","../src/fireRestApi/endpoints/UserData.ts","../src/runtime.ts","../src/fireRestApi/emulator.ts","../src/fireRestApi/endpointUrl.ts","../src/fireRestApi/request.ts","../src/fireRestApi/createFireApi.ts","../src/utils/options.ts","../src/tokens/request.ts","../src/tokens/c-authenticateRequestProcessor.ts","../src/tokens/cookie.ts","../src/tokens/factory.ts","../src/instance/backendInstanceEdge.ts","../src/utils/logger.ts","../src/utils/enableDebugLogging.ts","../src/adapters/PostgresAdapter.ts","../src/adapters/RedisAdapter.ts","../src/adapters/index.ts"],"sourcesContent":["const buildUrl = (\n _baseUrl: string | URL,\n _targetUrl: string | URL,\n _returnBackUrl?: string | URL | null,\n) => {\n if (_baseUrl === '') {\n return legacyBuildUrl(_targetUrl.toString(), _returnBackUrl?.toString());\n }\n\n const baseUrl = new URL(_baseUrl);\n const returnBackUrl = _returnBackUrl ? new URL(_returnBackUrl, baseUrl) : undefined;\n const res = new URL(_targetUrl, baseUrl);\n\n if (returnBackUrl) {\n res.searchParams.set('redirect_url', returnBackUrl.toString());\n }\n return res.toString();\n};\n\nconst legacyBuildUrl = (targetUrl: string, redirectUrl?: string) => {\n let url;\n if (!targetUrl.startsWith('http')) {\n if (!redirectUrl || !redirectUrl.startsWith('http')) {\n throw new Error('destination url or return back url should be an absolute path url!');\n }\n\n const baseURL = new URL(redirectUrl);\n url = new URL(targetUrl, baseURL.origin);\n } else {\n url = new URL(targetUrl);\n }\n\n if (redirectUrl) {\n url.searchParams.set('redirect_url', redirectUrl);\n }\n\n return url.toString();\n};\n\ntype RedirectAdapter<RedirectReturn> = (url: string) => RedirectReturn;\ntype RedirectToParams = { returnBackUrl?: string | URL | null };\nexport type RedirectFun<ReturnType> = (params?: RedirectToParams) => ReturnType;\n\n/**\n * @internal\n */\ntype CreateRedirect = <ReturnType>(params: {\n redirectAdapter: RedirectAdapter<ReturnType>;\n baseUrl: URL | string;\n signInUrl?: URL | string;\n signUpUrl?: URL | string;\n}) => {\n redirectToSignIn: RedirectFun<ReturnType>;\n redirectToSignUp: RedirectFun<ReturnType>;\n};\n\nexport const createRedirect: CreateRedirect = params => {\n const { redirectAdapter, signInUrl, signUpUrl, baseUrl } = params;\n\n const redirectToSignUp = ({ returnBackUrl }: RedirectToParams = {}) => {\n if (!signUpUrl) {\n throw new Error('SignUp URL is not defined');\n }\n\n const pathToSignUpUrl = `${baseUrl}/sign-up`;\n\n function buildSignUpUrl(signIn: string | URL | undefined) {\n if (!signIn) {\n return;\n }\n const url = new URL(signIn, baseUrl);\n url.pathname = `${url.pathname}/create`;\n return url.toString();\n }\n\n const targetUrl = signUpUrl || buildSignUpUrl(signInUrl) || pathToSignUpUrl;\n\n return redirectAdapter(buildUrl(baseUrl, targetUrl, returnBackUrl));\n };\n\n const redirectToSignIn = ({ returnBackUrl }: RedirectToParams = {}) => {\n if (!signInUrl) {\n throw new Error('SignIn URL is not defined');\n }\n\n const pathToSignInUrl = `${baseUrl}/sign-in`;\n const targetUrl = signInUrl || pathToSignInUrl;\n\n return redirectAdapter(buildUrl(baseUrl, targetUrl, returnBackUrl));\n };\n\n return { redirectToSignUp, redirectToSignIn };\n};\n","import type { CheckAuthorizationFromSessionClaims, DecodedIdToken } from '@tern-secure/types';\nimport type { JWTPayload } from 'jose';\n\nimport { constants } from '../constants';\nimport type { TokenVerificationErrorReason } from '../utils/errors';\nimport { mapJwtPayloadToDecodedIdToken } from '../utils/mapDecode';\nimport type { RequestProcessorContext } from './c-authenticateRequestProcessor';\nimport type { TernSecureRequest } from './ternSecureRequest';\n\nexport const AuthStatus = {\n SignedIn: 'signed-in',\n SignedOut: 'signed-out',\n Handshake: 'handshake',\n} as const;\n\nexport type AuthStatus = (typeof AuthStatus)[keyof typeof AuthStatus];\n\nexport const AuthErrorReason = {\n AuthTimeout: 'auth-timeout',\n SessionTokenAndAuthMissing: 'session-token-and-aut-missing',\n SessionTokenMissing: 'session-token-missing',\n SessionTokenExpired: 'session-token-expired',\n SessionTokenIATBeforeTernAUT: 'session-token-iat-before-tern-aut',\n SessionTokenNBF: 'session-token-nbf',\n SessionTokenIatInTheFuture: 'session-token-iat-in-the-future',\n SessionTokenWithoutTernAUT: 'session-token-but-no-tern-uat',\n TernAutWithoutSessionToken: 'tern-aut-but-no-session-token',\n SyncRequired: 'sync-required',\n UnexpectedError: 'unexpected-error',\n} as const;\n\nexport type AuthErrorReason = (typeof AuthErrorReason)[keyof typeof AuthErrorReason];\n\nexport type AuthReason = AuthErrorReason | TokenVerificationErrorReason;\n\nexport type SignedInAuthObject = {\n sessionClaims: DecodedIdToken;\n userId: string;\n token: string;\n require: CheckAuthorizationFromSessionClaims;\n error: string | null;\n};\n\nexport type SignedOutAuthObject = {\n sessionClaims: null;\n userId: null;\n token: null;\n require: CheckAuthorizationFromSessionClaims;\n error: string | null;\n};\n\nexport type SignedInState = {\n status: typeof AuthStatus.SignedIn;\n message: null;\n reason: null;\n signInUrl: string;\n signUpUrl: string;\n isSignedIn: true;\n auth: () => SignedInAuthObject;\n token: string;\n headers: Headers;\n};\n\nexport type SignedOutState = {\n status: typeof AuthStatus.SignedOut;\n message: string;\n reason: string;\n isSignedIn: false;\n signInUrl: string;\n signUpUrl: string;\n auth: () => SignedOutAuthObject;\n token: null;\n headers: Headers;\n};\n\nexport type HandshakeState = Omit<SignedOutState, 'status' | 'auth'> & {\n status: typeof AuthStatus.Handshake;\n headers: Headers;\n auth: () => null;\n};\n\nexport type RequestState = SignedInState | SignedOutState | HandshakeState;\n\nexport interface BackendInstance {\n ternSecureRequest: TernSecureRequest;\n requestState: RequestState;\n}\n\nexport type AuthObject = SignedInAuthObject | SignedOutAuthObject;\n\nfunction createHasAuthorization(\n decodedIdToken: DecodedIdToken,\n): CheckAuthorizationFromSessionClaims {\n return (authorizationParams: any) => {\n if (\n !authorizationParams ||\n typeof authorizationParams !== 'object' ||\n Array.isArray(authorizationParams)\n ) {\n return false;\n }\n const claims = decodedIdToken as Record<string, any>;\n\n return Object.entries(authorizationParams).every(([key, value]) => {\n const claimValue = claims[key];\n if (typeof claimValue === 'undefined') {\n return false;\n }\n if (Array.isArray(value)) {\n if (Array.isArray(claimValue)) {\n return value.some(v => claimValue.includes(v));\n }\n return value.includes(claimValue);\n }\n\n if (Array.isArray(claimValue)) {\n return claimValue.includes(value);\n }\n return claimValue === value;\n });\n };\n}\n\nexport function signedInAuthObject(\n sessionToken: string,\n sessionClaims: JWTPayload,\n): SignedInAuthObject {\n const decodedIdToken = mapJwtPayloadToDecodedIdToken(sessionClaims);\n return {\n sessionClaims: {\n ...decodedIdToken,\n },\n userId: decodedIdToken.uid,\n token: sessionToken,\n require: createHasAuthorization(decodedIdToken),\n error: null,\n };\n}\n\nexport function signedOutAuthObject(): SignedOutAuthObject {\n return {\n sessionClaims: null,\n userId: null,\n token: null,\n require: () => false,\n error: 'No active session',\n };\n}\n\nexport function signedIn(\n authCtx: RequestProcessorContext,\n sessionClaims: JWTPayload,\n headers: Headers = new Headers(),\n token: string,\n): SignedInState {\n const authObject = signedInAuthObject(token, sessionClaims);\n return {\n status: AuthStatus.SignedIn,\n message: null,\n reason: null,\n signInUrl: authCtx.signInUrl || '',\n signUpUrl: authCtx.signUpUrl || '',\n isSignedIn: true,\n auth: () => authObject,\n token,\n headers,\n };\n}\n\nexport function signedOut(\n authCtx: RequestProcessorContext,\n reason: AuthReason,\n message = '',\n headers: Headers = new Headers(),\n): SignedOutState {\n return decorateHeaders({\n status: AuthStatus.SignedOut,\n reason,\n message,\n signInUrl: authCtx.signInUrl || '',\n signUpUrl: authCtx.signUpUrl || '',\n isSignedIn: false,\n auth: () => signedOutAuthObject(),\n token: null,\n headers,\n });\n}\n\nexport function handshake(\n authCtx: RequestProcessorContext,\n reason: AuthReason,\n message = '',\n headers: Headers,\n): HandshakeState {\n return {\n status: AuthStatus.Handshake,\n reason,\n message,\n signInUrl: authCtx.signInUrl || '',\n signUpUrl: authCtx.signUpUrl || '',\n isSignedIn: false,\n headers,\n auth: () => null,\n token: null,\n };\n}\n\nconst decorateHeaders = <T extends RequestState>(requestState: T): T => {\n const headers = new Headers(requestState.headers || {});\n\n if (requestState.message) {\n try {\n headers.set(constants.Headers.AuthMessage, requestState.message);\n } catch {\n // Ignore errors\n }\n }\n\n if (requestState.reason) {\n try {\n headers.set(constants.Headers.AuthReason, requestState.reason);\n } catch {\n // Ignore errors\n }\n }\n\n if (requestState.status) {\n try {\n headers.set(constants.Headers.AuthStatus, requestState.status);\n } catch {\n // Ignore errors\n }\n }\n\n requestState.headers = headers;\n\n return requestState;\n};\n","import type { RequestFunction } from '../request';\n\nexport abstract class AbstractAPI {\n constructor(protected request: RequestFunction) {}\n\n protected requireApiKey(apiKey: string) {\n if (!apiKey) {\n throw new Error('A valid API key is required.');\n }\n }\n}\n","import { AbstractAPI } from \"./AbstractApi\";\n\n\ntype sendEmailVerificationParams = {\n idToken: string;\n requestType: 'VERIFY_EMAIL';\n};\n\ntype ConfirmEmailVerificationParams = {\n oobCode: string;\n};\n\n\nexport class EmailApi extends AbstractAPI {\n public async verifyEmailVerification(apiKey: string, params: sendEmailVerificationParams) {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n return this.request({\n endpoint: \"sendOobCode\",\n method: \"POST\",\n bodyParams: restParams,\n });\n }\n\n public async confirmEmailVerification(apiKey: string, params: ConfirmEmailVerificationParams) {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n return this.request({\n endpoint: \"sendOobCode\",\n method: \"POST\",\n bodyParams: restParams,\n });\n }\n}","import { AbstractAPI } from \"./AbstractApi\";\n\n\ntype ConfirmPasswordResetParams = {\n oobCode: string;\n newPassword: string;\n};\n\ntype VerifyPasswordResetCodeParams = {\n oobCode: string;\n};\n\ntype ChangePasswordParams = {\n idToken: string;\n password: string;\n returnSecureToken?: boolean;\n};\n\nexport class PasswordApi extends AbstractAPI {\n public async verifyPasswordResetCode(apiKey: string, params: VerifyPasswordResetCodeParams) {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n return this.request({\n endpoint: \"passwordReset\",\n method: \"POST\",\n bodyParams: restParams,\n });\n }\n\n public async confirmPasswordReset(apiKey: string, params: ConfirmPasswordResetParams) {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n return this.request({\n endpoint: \"passwordReset\",\n method: \"POST\",\n bodyParams: restParams,\n });\n }\n\n public async changePassword(apiKey: string, params: ChangePasswordParams) {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n return this.request({\n endpoint: \"passwordReset\",\n method: \"POST\",\n bodyParams: restParams,\n });\n }\n}","import type { IdAndRefreshTokens } from '../resources/Token';\nimport { AbstractAPI } from './AbstractApi';\n\n\ntype CreateSignInTokenParams = {\n token: string;\n returnSecureToken?: boolean;\n};\n\nexport class SignInTokenApi extends AbstractAPI {\n public async createCustomToken(\n apiKey: string,\n params: CreateSignInTokenParams,\n ): Promise<IdAndRefreshTokens> {\n try {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n\n const response = await this.request<IdAndRefreshTokens>({\n endpoint: \"signInWithCustomToken\",\n method: 'POST',\n bodyParams: restParams,\n });\n\n if (response.errors) {\n const errorMessage = response.errors[0]?.message || 'Failed to create custom token';\n throw new Error(errorMessage);\n }\n\n return response.data;\n } catch (error) {\n const contextualMessage = `Failed to create custom token: ${error instanceof Error ? error.message : 'Unknown error'}`;\n throw new Error(contextualMessage);\n }\n }\n}\n","import { AbstractAPI } from \"./AbstractApi\";\n\n\ntype CreateSignUpTokenParams = {\n email: string;\n password: string;\n returnSecureToken?: boolean;\n};\n\n\nexport class SignUpApi extends AbstractAPI {\n public async createCustomToken(apiKey: string, params: CreateSignUpTokenParams) {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n return this.request({\n endpoint: \"signUp\",\n method: \"POST\",\n bodyParams: restParams,\n });\n }\n\n}\n","import type { IdAndRefreshTokens } from '../resources/Token';\nimport { AbstractAPI } from './AbstractApi';\n\ntype RefreshTokenParams = {\n expired_token?: string;\n refresh_token: string;\n request_origin?: string;\n request_originating_ip?: string;\n request_headers?: Record<string, string[]>;\n suffixed_cookies?: boolean;\n format?: 'token' | 'cookie';\n};\n\ntype IdAndRefreshTokensParams = {\n token: string;\n returnSecureToken?: boolean;\n};\n\ntype IdAndRefreshTokensOptions = {\n referer?: string;\n};\n\nexport class TokenApi extends AbstractAPI {\n public async refreshToken(apiKey: string, params: RefreshTokenParams) {\n this.requireApiKey(apiKey);\n const { refresh_token, request_origin, ...restParams } = params;\n\n const headers: Record<string, string> = {};\n if (request_origin) {\n headers['Referer'] = request_origin;\n }\n\n const bodyParams = {\n grant_type: 'refresh_token',\n refresh_token,\n ...restParams,\n };\n\n return this.request({\n endpoint: 'refreshToken',\n method: 'POST',\n apiKey,\n bodyParams,\n headerParams: headers,\n });\n }\n\n public async exchangeCustomForIdAndRefreshTokens(\n apiKey: string,\n params: IdAndRefreshTokensParams,\n options?: IdAndRefreshTokensOptions,\n ) {\n this.requireApiKey(apiKey);\n\n const headers: Record<string, string> = {};\n if (options?.referer) {\n headers['Referer'] = options.referer;\n }\n\n return this.request<IdAndRefreshTokens>({\n endpoint: 'signInWithCustomToken',\n method: 'POST',\n apiKey,\n bodyParams: params,\n headerParams: headers,\n });\n }\n}\n","import type { User } from '../resources/User';\nimport { AbstractAPI } from './AbstractApi';\n\ntype UserDataParams = {\n localId?: string;\n idToken?: string;\n};\n\ntype UserDataOptions = {\n referer?: string;\n};\n\nexport class UserData extends AbstractAPI {\n public async getUserData(apiKey: string, params: UserDataParams, options?: UserDataOptions) {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n\n const headers: Record<string, string> = {};\n if (options?.referer) {\n headers['Referer'] = options.referer;\n }\n return this.request<User>({\n endpoint: 'lookup',\n method: 'POST',\n apiKey,\n bodyParams: restParams,\n headerParams: headers,\n });\n }\n}","/**\n * This file exports APIs that vary across runtimes (i.e. Node & Browser - V8 isolates)\n * as a singleton object.\n *\n * Runtime polyfills are written in VanillaJS for now to avoid TS complication. Moreover,\n * due to this issue https://github.com/microsoft/TypeScript/issues/44848, there is not a good way\n * to tell Typescript which conditional import to use during build type.\n *\n * The Runtime type definition ensures type safety for now.\n * Runtime js modules are copied into dist folder with bash script.\n *\n * TODO: Support TS runtime modules\n */\n\n// @ts-ignore - These are package subpaths\nimport { webcrypto as crypto } from '#crypto';\n\ntype Runtime = {\n crypto: Crypto;\n fetch: typeof globalThis.fetch;\n AbortController: typeof globalThis.AbortController;\n Blob: typeof globalThis.Blob;\n FormData: typeof globalThis.FormData;\n Headers: typeof globalThis.Headers;\n Request: typeof globalThis.Request;\n Response: typeof globalThis.Response;\n};\n\n// Invoking the global.fetch without binding it first to the globalObject fails in\n// Cloudflare Workers with an \"Illegal Invocation\" error.\n//\n// The globalThis object is supported for Node >= 12.0.\n//\n// https://github.com/supabase/supabase/issues/4417\nconst globalFetch = fetch.bind(globalThis);\n\nexport const runtime: Runtime = {\n crypto,\n get fetch() {\n // We need to use the globalFetch for Cloudflare Workers but the fetch for testing\n return process.env.NODE_ENV === 'test' ? fetch : globalFetch;\n },\n AbortController: globalThis.AbortController,\n Blob: globalThis.Blob,\n FormData: globalThis.FormData,\n Headers: globalThis.Headers,\n Request: globalThis.Request,\n Response: globalThis.Response,\n};\n","export const FIREBASE_AUTH_EMULATOR_HOST = process.env.FIREBASE_AUTH_EMULATOR_HOST;\n\nexport function emulatorHost(): string | undefined {\n if (typeof process === 'undefined') return undefined;\n return FIREBASE_AUTH_EMULATOR_HOST;\n}\n\nexport function useEmulator(): boolean {\n return !!emulatorHost();\n}\n","import { FIREBASE_AUTH_EMULATOR_HOST, useEmulator } from './emulator';\n\nexport const topLevelEndpoint = (apiKey: string, projectId: string, version: string) => {\n return `https://identitytoolkit.googleapis.com/${version}/projects/${projectId}${apiKey}`;\n};\n\nexport const lookupEndpoint = (apiKey: string) => {\n return `https://identitytoolkit.googleapis.com/v1/accounts:lookup?key=${apiKey}`;\n};\n\nexport const getRefreshTokenEndpoint = (apiKey: string) => {\n return `https://securetoken.googleapis.com/v1/token?key=${apiKey}`;\n};\n\nexport const signInWithPassword = (apiKey: string) => {\n return `https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key=${apiKey}`;\n};\n\nexport const signUpEndpoint = (apiKey: string) => {\n return `https://identitytoolkit.googleapis.com/v1/accounts:signUp?key=${apiKey}`;\n};\n\nexport const getCustomTokenEndpoint = (apiKey: string) => {\n if (useEmulator() && FIREBASE_AUTH_EMULATOR_HOST) {\n let protocol = 'http://';\n if (FIREBASE_AUTH_EMULATOR_HOST.startsWith('http://')) {\n protocol = '';\n }\n\n return `${protocol}${FIREBASE_AUTH_EMULATOR_HOST}/identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${apiKey}`;\n }\n return `https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${apiKey}`;\n};\n\nexport const passwordResetEndpoint = (apiKey: string) => {\n return `https://identitytoolkit.googleapis.com/v1/accounts:resetPassword?key=${apiKey}`;\n};\n","import type {\n TernSecureFireRestError,\n TernSecureFireRestErrorJSON,\n} from \"@tern-secure/types\";\n\nimport { constants } from \"../constants\";\nimport { runtime } from \"../runtime\";\nimport {\n getCustomTokenEndpoint,\n getRefreshTokenEndpoint,\n lookupEndpoint,\n passwordResetEndpoint,\n signInWithPassword,\n signUpEndpoint,\n} from \"./endpointUrl\";\n\nexport type HTTPMethod = \"DELETE\" | \"GET\" | \"PATCH\" | \"POST\" | \"PUT\";\nexport type FirebaseEndpoint =\n | \"lookup\"\n | \"refreshToken\"\n | \"signInWithPassword\"\n | \"signUp\"\n | \"signInWithCustomToken\"\n | \"passwordReset\"\n | \"sendOobCode\"\n\nexport type BackendApiRequestOptions = {\n endpoint: FirebaseEndpoint;\n method?: HTTPMethod;\n apiKey?: string;\n queryParams?: Record<string, unknown>;\n headerParams?: Record<string, string>;\n bodyParams?: Record<string, unknown>;\n formData?: FormData;\n}\n\nexport type BackendApiResponse<T> =\n | {\n data: T;\n errors: null;\n totalCount?: number;\n }\n | {\n data: null;\n errors: TernSecureFireRestError[];\n totalCount?: never;\n status?: number;\n statusText?: string;\n retryAfter?: number;\n };\n\nexport type RequestFunction = ReturnType<typeof createRequest>;\n\ntype CreateRequestOptions = {\n apiKey?: string;\n apiUrl?: string;\n apiVersion?: string;\n};\n\nconst FIREBASE_ENDPOINT_MAP: Record<FirebaseEndpoint, (apiKey: string) => string> = {\n refreshToken: getRefreshTokenEndpoint,\n signInWithPassword: signInWithPassword,\n signUp: signUpEndpoint,\n signInWithCustomToken: getCustomTokenEndpoint,\n passwordReset: passwordResetEndpoint,\n sendOobCode: signInWithPassword,\n lookup: lookupEndpoint\n};\n\n\nexport function createRequest(options: CreateRequestOptions) {\n const requestFn = async <T>(\n requestOptions: BackendApiRequestOptions\n ): Promise<BackendApiResponse<T>> => {\n const { endpoint, method, apiKey, queryParams, headerParams, bodyParams, formData } =\n requestOptions;\n\n\n if (!apiKey) {\n return {\n data: null,\n errors: [\n {\n domain: \"none\",\n reason: \"invalid_parameter\",\n message: \"Firebase API key is required\",\n code: \"400\",\n },\n ],\n };\n }\n\n const endpointUrl = FIREBASE_ENDPOINT_MAP[endpoint](apiKey);\n const finalUrl = new URL(endpointUrl);\n\n if (queryParams) {\n Object.entries(queryParams).forEach(([key, value]) => {\n if (value) {\n [value].flat().forEach(v => finalUrl.searchParams.append(key, v as string));\n }\n });\n }\n\n const headers: Record<string, any> = {\n ...headerParams,\n };\n let res: Response | undefined;\n\n try {\n if (formData) {\n res = await runtime.fetch(finalUrl.href, {\n method,\n headers,\n body: formData,\n });\n } else {\n headers[\"Content-Type\"] = \"application/json\";\n const hasBody =\n method !== \"GET\" && bodyParams && Object.keys(bodyParams).length > 0;\n const body = hasBody ? { body: JSON.stringify(bodyParams) } : null;\n\n res = await runtime.fetch(finalUrl.href, {\n method,\n headers,\n ...body,\n });\n }\n\n const isJSONResponse =\n res?.headers &&\n res.headers?.get(constants.Headers.ContentType) ===\n constants.ContentTypes.Json;\n const responseBody = await (isJSONResponse ? res.json() : res.text());\n\n\n if (!res.ok) {\n return {\n data: null,\n errors: parseErrors(responseBody),\n status: res?.status,\n statusText: res?.statusText,\n };\n }\n\n return {\n data: responseBody,\n errors: null,\n };\n } catch (error) {\n if (error instanceof Error) {\n return {\n data: null,\n errors: [\n {\n domain: \"none\",\n reason: \"request_failed\",\n message: error.message || \"An unexpected error occurred\",\n code: \"500\",\n },\n ],\n };\n }\n\n return {\n data: null,\n errors: parseErrors(error),\n status: res?.status,\n statusText: res?.statusText,\n };\n }\n };\n return requestFn;\n}\n\nfunction parseErrors(data: unknown): TernSecureFireRestError[] {\n let parsedData = data;\n if (typeof data === \"string\") {\n try {\n parsedData = JSON.parse(data);\n } catch (error) {\n return [];\n }\n }\n\n if (!parsedData || typeof parsedData !== \"object\") {\n return [];\n }\n\n if (\"error\" in parsedData && typeof parsedData.error === \"object\" && parsedData.error !== null) {\n const errorObj = parsedData.error as any;\n\n if (\"errors\" in errorObj && Array.isArray(errorObj.errors) && errorObj.errors.length > 0) {\n return errorObj.errors.map((err: any) => parseError({\n code: errorObj.code || \"unknown_error\", \n message: err.message || \"Unknown error\",\n domain: err.domain,\n reason: err.reason\n }));\n }\n\n // Fallback: create single error from main error object\n return [parseError({\n code: errorObj.code?.toString() || \"unknown_error\",\n message: errorObj.message || \"Unknown error\",\n domain: errorObj.domain || \"unknown\",\n reason: errorObj.reason || errorObj.code?.toString() || \"unknown_error\"\n })];\n }\n\n return [];\n}\n\nexport function parseError(error: TernSecureFireRestErrorJSON): TernSecureFireRestError {\n return {\n domain: error.domain,\n reason: error.reason,\n message: error.message,\n code: error.code\n };\n}\n","import { EmailApi, PasswordApi, SignInTokenApi, SignUpApi, TokenApi, UserData } from './endpoints';\nimport { createRequest } from './request';\n\nexport type CreateFireApiOptions = Parameters<typeof createRequest>[0];\nexport type ApiClient = ReturnType<typeof createFireApi>;\n\nexport function createFireApi(options: CreateFireApiOptions) {\n const request = createRequest(options);\n return {\n email: new EmailApi(request),\n password: new PasswordApi(request),\n signIn: new SignInTokenApi(request),\n signUp: new SignUpApi(request),\n tokens: new TokenApi(request),\n userData: new UserData(request),\n };\n}\n","import type { AuthenticateRequestOptions} from \"../tokens/types\";\n\nexport type RuntimeOptions = Omit<AuthenticateRequestOptions, \"apiUrl\">;\n\nexport type buildTimeOptions = Partial<Pick<AuthenticateRequestOptions, \"apiKey\" | \"apiUrl\" | \"apiVersion\">>;\n\nconst defaultOptions: buildTimeOptions = {\n apiKey: undefined,\n apiUrl: undefined,\n apiVersion: undefined,\n};\n\nexport function mergePreDefinedOptions(\n userOptions: buildTimeOptions = {}\n): buildTimeOptions {\n return {\n ...defaultOptions,\n ...userOptions,\n };\n}","import { ms, type StringValue } from '@tern-secure/shared/ms';\nimport type { DecodedIdToken } from '@tern-secure/types';\n\nimport { getAuth } from '../auth';\nimport { constants } from '../constants';\nimport { ternDecodeJwt } from '../jwt/verifyJwt';\nimport type { TokenCarrier } from '../utils/errors';\nimport {\n RefreshTokenErrorReason,\n TokenVerificationError,\n TokenVerificationErrorReason,\n} from '../utils/errors';\nimport type { RequestState, SignedInState, SignedOutState } from './authstate';\nimport { AuthErrorReason, signedIn, signedOut } from './authstate';\nimport type { RequestProcessorContext } from './c-authenticateRequestProcessor';\nimport { createRequestProcessor } from './c-authenticateRequestProcessor';\nimport { getCookieNameEnvironment, getCookiePrefix } from './cookie';\nimport { createTernSecureRequest } from './ternSecureRequest';\nimport type { AuthenticateRequestOptions } from './types';\nimport { verifyToken } from './verify';\n\n\nfunction hasAuthorizationHeader(request: Request): boolean {\n return request.headers.has('Authorization');\n}\n\nfunction convertToSeconds(value: StringValue) {\n return ms(value) / 1000;\n}\n\nfunction isRequestForRefresh(\n error: TokenVerificationError,\n context: { refreshTokenInCookie?: string },\n request: Request,\n) {\n return (\n error.reason === TokenVerificationErrorReason.TokenExpired &&\n !!context.refreshTokenInCookie &&\n request.method === 'GET'\n );\n}\n\nexport async function authenticateRequest(\n request: Request,\n options: AuthenticateRequestOptions,\n): Promise<RequestState> {\n const context = createRequestProcessor(createTernSecureRequest(request), options);\n const { refreshTokenInCookie } = context;\n\n const { refreshExpiredIdToken } = getAuth(options);\n\n function checkSessionTimeout(authTimeValue: number): SignedOutState | null {\n const defaultMaxAgeSeconds = convertToSeconds('5 days');\n const REAUTH_PERIOD_SECONDS = context.session?.maxAge\n ? convertToSeconds(context.session.maxAge)\n : defaultMaxAgeSeconds;\n\n const currentTime = Math.floor(Date.now() / 1000);\n const authAge = currentTime - authTimeValue;\n\n console.log('Current time:', currentTime, 'Auth age:', authAge, 'Reauth period (s):', REAUTH_PERIOD_SECONDS);\n\n if (authTimeValue > 0 && authAge > REAUTH_PERIOD_SECONDS) {\n return signedOut(context, AuthErrorReason.AuthTimeout, 'Authentication expired');\n }\n\n return null;\n }\n\n async function refreshToken() {\n if (!refreshTokenInCookie) {\n return {\n data: null,\n error: {\n message: 'No refresh token available',\n reason: AuthErrorReason.SessionTokenMissing,\n },\n };\n }\n return await refreshExpiredIdToken(refreshTokenInCookie, {\n referer: context.ternUrl.origin,\n });\n }\n\n async function handleRefresh(): Promise<\n | { data: { decoded: DecodedIdToken; token: string; headers: Headers }; error: null }\n | { data: null; error: any }\n > {\n const { data: refreshedData, error } = await refreshToken();\n if (!refreshedData) {\n return { data: null, error };\n }\n\n const headers = new Headers();\n const { idToken } = refreshedData;\n\n const maxAge = 365 * 24 * 60 * 60;\n const cookiePrefix = getCookiePrefix();\n const idTokenCookieName = getCookieNameEnvironment(constants.Cookies.IdToken, cookiePrefix);\n const baseCookieAttributes = 'HttpOnly; Secure; SameSite=Strict; Max-Age=' + `${maxAge}; Path=/`;\n\n const idTokenCookie = `${idTokenCookieName}=${idToken}; ${baseCookieAttributes};`;\n headers.append('Set-Cookie', idTokenCookie);\n\n const { data: decoded, errors } = await verifyToken(idToken, options);\n if (errors) {\n return {\n data: null,\n error: errors ? errors[0] : new Error('Failed to verify refreshed token'),\n };\n }\n return { data: { decoded, token: idToken, headers }, error: null };\n }\n\n async function handleLocalHandshakeWithErrorCheck(\n context: RequestProcessorContext,\n reason: string,\n message: string,\n skipSessionCheck: boolean = false,\n ): Promise<SignedInState | SignedOutState> {\n const hasRefreshTokenInCookie = !!context.refreshTokenInCookie;\n if (!hasRefreshTokenInCookie) {\n return signedOut(context, reason, 'Refresh token missing in cookie');\n }\n\n if (reason === AuthErrorReason.TernAutWithoutSessionToken) {\n if (!skipSessionCheck) {\n const sessionTimeoutResult = checkSessionTimeout(context.ternAuth);\n if (sessionTimeoutResult) {\n return sessionTimeoutResult;\n }\n }\n\n const { data, error } = await handleRefresh();\n\n if (data) {\n return signedIn(context, data.decoded, data.headers, data.token);\n }\n\n return signedOut(context, reason, 'Failed to refresh idToken');\n }\n\n\n if (reason === AuthErrorReason.SessionTokenWithoutTernAUT ||\n reason === AuthErrorReason.SessionTokenIATBeforeTernAUT) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const { data, errors } = ternDecodeJwt(context.idTokenInCookie!);\n\n if (errors) {\n throw errors[0];\n }\n\n const authTime = data.payload.auth_time;\n\n if (!authTime || typeof authTime !== 'number') {\n return signedOut(context, reason, 'Token missing auth_time');\n }\n\n if (!skipSessionCheck) {\n const sessionTimeoutResult = checkSessionTimeout(authTime);\n if (sessionTimeoutResult) {\n return sessionTimeoutResult;\n }\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const { data: verifiedToken, errors: verifyErrors } = await verifyToken(context.idTokenInCookie!, options);\n\n if (verifyErrors) {\n throw verifyErrors[0];\n }\n\n const headers = new Headers();\n const oneYearInSeconds = 365 * 24 * 60 * 60;\n const ternAutCookie = `${constants.Cookies.TernAut}=${authTime}; Max-Age=${oneYearInSeconds}; Secure; SameSite=Strict; Path=/`;\n headers.append('Set-Cookie', ternAutCookie);\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return signedIn(context, verifiedToken, headers, context.idTokenInCookie!);\n }\n\n return signedOut(context, reason, message);\n }\n\n async function authenticateRequestWithTokenInCookie() {\n const hasTernAuth = context.ternAuth\n const hasIdTokenInCookie = !!context.idTokenInCookie;\n\n if (!hasTernAuth && !hasIdTokenInCookie) {\n return signedOut(context, AuthErrorReason.SessionTokenAndAuthMissing);\n }\n\n if (!hasTernAuth && hasIdTokenInCookie) {\n return await handleLocalHandshakeWithErrorCheck(context, AuthErrorReason.SessionTokenWithoutTernAUT, '');\n }\n\n if (hasTernAuth && !hasIdTokenInCookie) {\n return await handleLocalHandshakeWithErrorCheck(context, AuthErrorReason.TernAutWithoutSessionToken, '');\n }\n\n const sessionTimeoutResult = checkSessionTimeout(context.ternAuth);\n if (sessionTimeoutResult) {\n return sessionTimeoutResult;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const { data: decodedResult, errors: decodeErrors } = ternDecodeJwt(context.idTokenInCookie!);\n\n if (decodeErrors) {\n return handleError(decodeErrors[0], 'cookie');\n }\n\n const tokenIat = decodedResult.payload.iat;\n if (!tokenIat) {\n return signedOut(context, AuthErrorReason.SessionTokenMissing, '');\n }\n\n if (tokenIat < context.ternAuth) {\n return await handleLocalHandshakeWithErrorCheck(context, AuthErrorReason.SessionTokenIATBeforeTernAUT, '', true);\n }\n\n try {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const { data, errors } = await verifyToken(context.idTokenInCookie!, options);\n\n if (errors) {\n throw errors[0];\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const signedInRequestState = signedIn(context, data, undefined, context.idTokenInCookie!);\n\n return signedInRequestState;\n } catch (err) {\n return handleError(err, 'cookie');\n }\n\n return signedOut(context, AuthErrorReason.UnexpectedError);\n }\n\n async function authenticateRequestWithTokenInHeader() {\n const { sessionTokenInHeader } = context;\n try {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const { data, errors } = await verifyToken(sessionTokenInHeader!, options);\n\n if (errors) {\n throw errors[0];\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const signedInRequestState = signedIn(context, data, undefined, sessionTokenInHeader!);\n return signedInRequestState;\n } catch (err) {\n return handleError(err, 'header');\n }\n }\n\n async function handleError(\n err: unknown,\n tokenCarrier: TokenCarrier,\n ): Promise<SignedInState | SignedOutState> {\n if (!(err instanceof TokenVerificationError)) {\n return signedOut(context, AuthErrorReason.UnexpectedError);\n }\n\n let refreshError: string | null;\n if (isRequestForRefresh(err, context, request)) {\n const { data, error } = await handleRefresh();\n if (data) {\n return signedIn(context, data.decoded, data.headers, data.token);\n }\n\n if (error?.cause?.reason) {\n refreshError = error.cause.reason;\n }\n } else {\n if (request.method !== 'GET') {\n refreshError = RefreshTokenErrorReason.NonEligibleNonGet;\n } else if (!context.refreshTokenInCookie) {\n refreshError = RefreshTokenErrorReason.NonEligibleNoCookie;\n } else {\n refreshError = null;\n }\n }\n\n err.tokenCarrier = tokenCarrier;\n\n return signedOut(context, err.reason, err.getFullMessage());\n }\n\n if (hasAuthorizationHeader(request)) {\n return authenticateRequestWithTokenInHeader();\n }\n\n return authenticateRequestWithTokenInCookie();\n}\n","import type { AuthEndpoint, SessionSubEndpoint } from '@tern-secure/types';\n\nimport { constants } from '../constants';\nimport type { TernSecureRequest } from './ternSecureRequest';\nimport type { AuthenticateRequestOptions } from './types';\n\n\n/**\n * Request context for better type safety and clarity\n */\ninterface RequestProcessorContext extends AuthenticateRequestOptions {\n // header-based values\n sessionTokenInHeader: string | undefined;\n origin: string | undefined;\n host: string | undefined;\n forwardedHost: string | undefined;\n forwardedProto: string | undefined;\n referrer: string | undefined;\n userAgent: string | undefined;\n secFetchDest: string | undefined;\n accept: string | undefined;\n\n // cookie-based values\n idTokenInCookie: string | undefined;\n refreshTokenInCookie: string | undefined;\n csrfTokenInCookie: string | undefined;\n sessionTokenInCookie?: string | undefined;\n customTokenInCookie?: string | undefined;\n ternAuth: number;\n\n handshakeNonce: string | undefined;\n handshakeToken: string | undefined;\n\n method: string;\n pathSegments: string[];\n endpoint?: AuthEndpoint;\n subEndpoint?: SessionSubEndpoint;\n\n ternUrl: URL;\n instanceType: string;\n}\n\n/**\n * Request processor utility class for common operations\n */\nclass RequestProcessorContext implements RequestProcessorContext {\n public constructor(\n private ternSecureRequest: TernSecureRequest,\n private options: AuthenticateRequestOptions,\n ) {\n this.initHeaderValues();\n this.initCookieValues();\n this.initHandshakeValues();\n this.initUrlValues();\n Object.assign(this, options);\n this.ternUrl = this.ternSecureRequest.ternUrl;\n }\n\n public get request(): TernSecureRequest {\n return this.ternSecureRequest;\n }\n\n private initHeaderValues() {\n this.sessionTokenInHeader = this.parseAuthorizationHeader(\n this.getHeader(constants.Headers.Authorization),\n );\n this.origin = this.getHeader(constants.Headers.Origin);\n this.host = this.getHeader(constants.Headers.Host);\n this.forwardedHost = this.getHeader(constants.Headers.ForwardedHost);\n this.forwardedProto =\n this.getHeader(constants.Headers.CloudFrontForwardedProto) ||\n this.getHeader(constants.Headers.ForwardedProto);\n this.referrer = this.getHeader(constants.Headers.Referrer);\n this.userAgent = this.getHeader(constants.Headers.UserAgent);\n this.secFetchDest = this.getHeader(constants.Headers.SecFetchDest);\n this.accept = this.getHeader(constants.Headers.Accept);\n }\n\n private initCookieValues() {\n const isProduction = process.env.NODE_ENV === 'production';\n const defaultPrefix = isProduction ? '__HOST-' : '__dev_';\n this.sessionTokenInCookie = this.getCookie(constants.Cookies.Session);\n\n // System-fixed cookies using backend constants\n this.idTokenInCookie = this.getCookie(`${defaultPrefix}${constants.Cookies.IdToken}`);\n this.refreshTokenInCookie = this.getCookie(`${defaultPrefix}${constants.Cookies.Refresh}`);\n this.csrfTokenInCookie = this.getCookie(constants.Cookies.CsrfToken);\n this.customTokenInCookie = this.getCookie(constants.Cookies.Custom);\n this.ternAuth = Number.parseInt(this.getCookie(constants.Cookies.TernAut) || '0', 10);\n }\n\n private initHandshakeValues() {\n this.handshakeToken = this.getQueryParam(constants.QueryParameters.Handshake) || this.getCookie(constants.Cookies.Handshake);\n this.handshakeNonce = this.getQueryParam(constants.QueryParameters.HandshakeNonce) || this.getCookie(constants.Cookies.HandshakeNonce);\n }\n\n private initUrlValues() {\n this.method = this.ternSecureRequest.method;\n this.pathSegments = this.ternSecureRequest.ternUrl.pathname.split('/').filter(Boolean);\n this.endpoint = this.pathSegments[2] as AuthEndpoint;\n this.subEndpoint = this.pathSegments[3] as SessionSubEndpoint;\n }\n\n private getQueryParam(name: string) {\n return this.ternSecureRequest.ternUrl.searchParams.get(name);\n }\n\n private getHeader(name: string) {\n return this.ternSecureRequest.headers.get(name) || undefined;\n }\n\n private getCookie(name: string) {\n return this.ternSecureRequest.cookies.get(name) || undefined;\n }\n\n private parseAuthorizationHeader(\n authorizationHeader: string | undefined | null,\n ): string | undefined {\n if (!authorizationHeader) {\n return undefined;\n }\n\n const [scheme, token] = authorizationHeader.split(' ', 2);\n\n if (!token) {\n // No scheme specified, treat the entire value as the token\n return scheme;\n }\n\n if (scheme === 'Bearer') {\n return token;\n }\n\n // Skip all other schemes\n return undefined;\n }\n}\n\nexport type { RequestProcessorContext };\n\nexport const createRequestProcessor = (\n ternSecureRequest: TernSecureRequest,\n options: AuthenticateRequestOptions,\n): RequestProcessorContext => {\n return new RequestProcessorContext(ternSecureRequest, options);\n};\n","import { getCookieName as getCookieNameEnvironment, getCookiePrefix } from '@tern-secure/shared/cookie';\n\nexport const getCookieName = (cookieDirective: string): string => {\n return cookieDirective.split(';')[0]?.split('=')[0];\n};\n\nexport const getCookieValue = (cookieDirective: string): string => {\n return cookieDirective.split(';')[0]?.split('=')[1];\n};\n\nexport { getCookieNameEnvironment, getCookiePrefix };","\nimport type { ApiClient } from '../fireRestApi';\nimport {\n type buildTimeOptions,\n mergePreDefinedOptions,\n type RuntimeOptions,\n} from '../utils/options';\nimport { authenticateRequest } from './request';\n\n/**\n * @internal\n */\nexport type CreateAuthenticateRequestOptions = {\n options: buildTimeOptions;\n apiClient: ApiClient;\n};\n\nexport function createAuthenticateRequest(params: CreateAuthenticateRequestOptions) {\n const buildTimeOptions = mergePreDefinedOptions(params.options);\n const apiClient = params.apiClient;\n\n const handleAuthenticateRequest = (request: Request, options: RuntimeOptions = {}) => {\n const { apiUrl } = buildTimeOptions;\n return authenticateRequest(request, { ...options, apiUrl, apiClient });\n };\n\n return {\n authenticateRequest: handleAuthenticateRequest,\n };\n}","import type { ApiClient,CreateFireApiOptions} from \"../fireRestApi\";\r\nimport { createFireApi } from \"../fireRestApi\";\r\nimport type { RequestState } from \"../tokens/authstate\";\r\nimport type { CreateAuthenticateRequestOptions } from \"../tokens/factory\";\r\nimport { createAuthenticateRequest } from \"../tokens/factory\";\r\nimport type {\r\n TernSecureRequest,\r\n} from \"../tokens/ternSecureRequest\";\r\n\r\nexport type TernSecureBackendOptions = CreateFireApiOptions & CreateAuthenticateRequestOptions['options'];\r\n\r\nexport type TernSecureBackendClient = ApiClient & ReturnType<typeof createAuthenticateRequest>;\r\n\r\nexport interface BackendInstance {\r\n ternSecureRequest: TernSecureRequest;\r\n requestState: RequestState;\r\n}\r\n\r\nexport function createBackendInstanceClient(options: TernSecureBackendOptions): TernSecureBackendClient {\r\n const opts = { ...options };\r\n const apiClient = createFireApi(opts);\r\n const requestState = createAuthenticateRequest({options: opts, apiClient});\r\n\r\n return {\r\n ...apiClient,\r\n ...requestState,\r\n };\r\n}\r\n","export enum LogLevel {\n ERROR = 0,\n WARN = 1,\n INFO = 2,\n DEBUG = 3,\n}\n\nexport interface LoggerOptions {\n enabled: boolean\n level: LogLevel\n prefix: string\n}\n\nexport class Logger {\n private options: LoggerOptions\n\n constructor(options: Partial<LoggerOptions> = {}) {\n this.options = {\n enabled: false,\n level: LogLevel.INFO,\n prefix: '[TernSecure-Backend]',\n ...options,\n }\n }\n\n enable(): void {\n this.options.enabled = true\n }\n\n disable(): void {\n this.options.enabled = false\n }\n\n setLevel(level: LogLevel): void {\n this.options.level = level\n }\n\n setPrefix(prefix: string): void {\n this.options.prefix = prefix\n }\n\n private log(level: LogLevel, levelName: string, message: string, ...args: any[]): void {\n if (!this.options.enabled || level > this.options.level) {\n return\n }\n\n const timestamp = new Date().toISOString()\n const formattedMessage = `${timestamp} ${this.options.prefix} [${levelName}] ${message}`\n \n switch (level) {\n case LogLevel.ERROR:\n console.error(formattedMessage, ...args)\n break\n case LogLevel.WARN:\n console.warn(formattedMessage, ...args)\n break\n case LogLevel.INFO:\n console.info(formattedMessage, ...args)\n break\n case LogLevel.DEBUG:\n console.debug(formattedMessage, ...args)\n break\n }\n }\n\n error(message: string, ...args: any[]): void {\n this.log(LogLevel.ERROR, 'ERROR', message, ...args)\n }\n\n warn(message: string, ...args: any[]): void {\n this.log(LogLevel.WARN, 'WARN', message, ...args)\n }\n\n info(message: string, ...args: any[]): void {\n this.log(LogLevel.INFO, 'INFO', message, ...args)\n }\n\n debug(message: string, ...args: any[]): void {\n this.log(LogLevel.DEBUG, 'DEBUG', message, ...args)\n }\n}\n\nexport const createLogger = (options?: Partial<LoggerOptions>): Logger => {\n return new Logger(options)\n}\n\nexport const redisLogger = createLogger({ prefix: '[TernSecure-Redis]' })\nexport const authLogger = createLogger({ prefix: '[TernSecure-Auth]' })","import { authLogger, LogLevel,redisLogger } from \"./logger\"\n\nexport function enableDebugLogging(): void {\n authLogger.enable()\n authLogger.setLevel(LogLevel.DEBUG)\n \n redisLogger.enable()\n redisLogger.setLevel(LogLevel.DEBUG)\n}\n\nexport function disableDebugLogging(): void {\n authLogger.disable()\n redisLogger.disable()\n}\n\nexport function setLogLevel(level: LogLevel): void {\n authLogger.setLevel(level)\n redisLogger.setLevel(level)\n}","import { authLogger } from \"../utils/logger\";\nimport type { DisabledUserAdapter, DisabledUserRecord, PostgresConfig } from \"./types\";\n\nexport class PostgresAdapter implements DisabledUserAdapter {\n private config: PostgresConfig;\n private tableName: string;\n\n constructor(config: PostgresConfig) {\n this.config = config;\n this.tableName = config.table || 'disabled_users';\n }\n\n getDisabledUser = async(uid: string): Promise<DisabledUserRecord | null> => {\n try {\n // For edge runtime, we'll use fetch to call a REST API endpoint\n // This avoids the need for full postgres client libraries in edge\n const response = await fetch(this.config.url, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n 'Authorization': `Bearer ${this.config.token}`,\n },\n body: JSON.stringify({\n query: `SELECT uid, email, disabled_time as \"disabledTime\" FROM ${this.tableName} WHERE uid = $1`,\n params: [uid],\n }),\n });\n\n if (!response.ok) {\n throw new Error(`HTTP error! status: ${response.status}`);\n }\n\n const result = await response.json();\n \n if (result.rows && result.rows.length > 0) {\n const row = result.rows[0];\n const disabledUser: DisabledUserRecord = {\n uid: row.uid,\n email: row.email,\n disabledTime: row.disabledTime,\n };\n \n authLogger.debug(`Found disabled user: ${uid}`);\n return disabledUser;\n }\n\n authLogger.debug(`No disabled user found: ${uid}`);\n return null;\n } catch (error) {\n authLogger.error('Failed to fetch disabled user from Postgres:', error);\n return null;\n }\n }\n}","import { Redis } from \"@upstash/redis\";\n\nimport { authLogger } from \"../utils/logger\";\nimport type {\n DisabledUserAdapter,\n DisabledUserRecord,\n RedisConfig,\n} from \"./types\";\n\ninterface CacheEntry<T> {\n value: T;\n expiresAt: number;\n}\n\nclass TTLCache<T> {\n private cache = new Map<string, CacheEntry<T>>();\n private readonly defaultTTL: number;\n\n constructor(defaultTTLMs: number = 60000) {\n this.defaultTTL = defaultTTLMs;\n }\n\n set(key: string, value: T, ttlMs?: number): void {\n const expiresAt = Date.now() + (ttlMs ?? this.defaultTTL);\n this.cache.set(key, { value, expiresAt });\n console.log(`TTLCache.set: key=${key}, value=${JSON.stringify(value)}, expiresAt=${expiresAt}, cacheSize=${this.cache.size}`);\n }\n\n private getEntry(key: string): CacheEntry<T> | undefined {\n const entry = this.cache.get(key);\n if (!entry) return undefined;\n\n const now = Date.now();\n if (now > entry.expiresAt) {\n console.log(`TTLCache: key=${key} expired (now=${now}, expiresAt=${entry.expiresAt})`);\n this.cache.delete(key);\n return undefined;\n }\n\n return entry;\n }\n\n get(key: string): T | undefined {\n const entry = this.getEntry(key);\n const hasEntry = entry !== undefined;\n const cacheHasKey = this.cache.has(key);\n const rawEntry = this.cache.get(key);\n \n console.log(`TTLCache.get: key=${key}, hasEntry=${hasEntry}, cacheHasKey=${cacheHasKey}`);\n console.log(`TTLCache.get: rawEntry=${JSON.stringify(rawEntry)}, entry=${JSON.stringify(entry)}`);\n \n if (!entry) {\n console.log(`TTLCache.get: no entry found for key=${key}, returning undefined`);\n return undefined;\n }\n\n console.log(`TTLCache.get: returning value=${JSON.stringify(entry.value)} for key=${key}`);\n return entry.value;\n }\n\n\n delete(key: string): boolean {\n return this.cache.delete(key);\n }\n\n clear(): void {\n this.cache.clear();\n }\n\n cleanup(): void {\n const now = Date.now();\n for (const [key, entry] of this.cache.entries()) {\n if (now > entry.expiresAt) {\n this.cache.delete(key);\n }\n }\n }\n}\n\nexport class RedisAdapter implements DisabledUserAdapter {\n private redis: Redis;\n private cache: TTLCache<DisabledUserRecord | null>;\n private keyPrefix: string;\n\n constructor(config: RedisConfig) {\n this.redis = new Redis({\n url: config.url,\n token: config.token,\n });\n\n this.keyPrefix = config.keyPrefix || \"disabled_user:\";\n const cacheTTL = config.ttl || 30000; // Default 30 seconds\n this.cache = new TTLCache<DisabledUserRecord | null>(cacheTTL);\n\n setInterval(() => this.cache.cleanup(), 5 * 60 * 1000);\n }\n\n getDisabledUser = async (uid: string): Promise<DisabledUserRecord | null> => {\n const cacheKey = `${this.keyPrefix}${uid}`;\n \n authLogger.debug(`RedisAdapter: Checking cache for key: ${cacheKey}`);\n \n // Try to get from cache first\n const cachedResult = this.cache.get(cacheKey);\n authLogger.debug(`RedisAdapter: Cache get result for ${cacheKey}:`, {\n cachedResult: JSON.stringify(cachedResult),\n isUndefined: cachedResult === undefined,\n type: typeof cachedResult\n });\n \n if (cachedResult !== undefined) {\n authLogger.debug(`Cache hit for disabled user: ${uid}`, { \n cacheKey,\n cachedResult: JSON.stringify(cachedResult)\n });\n return cachedResult;\n }\n\n authLogger.debug(\n `Cache miss for disabled user: ${uid}, fetching from Redis with key: ${cacheKey}`\n );\n\n try {\n const disabledUser: DisabledUserRecord | null =\n await this.redis.get(cacheKey);\n\n authLogger.debug(`Redis returned for key ${cacheKey}:`, { \n disabledUser: JSON.stringify(disabledUser),\n type: typeof disabledUser\n });\n\n // Cache the result (including null values to prevent repeated Redis calls)\n this.cache.set(cacheKey, disabledUser);\n \n authLogger.debug(`Cached disabled user result for: ${uid}`, {\n cacheKey,\n isDisabled: !!disabledUser,\n cachedValue: JSON.stringify(disabledUser)\n });\n\n return disabledUser;\n } catch (error) {\n authLogger.error(\"Failed to fetch disabled user from Redis:\", error);\n return null;\n }\n };\n\n invalidateCache(uid: string): void {\n const cacheKey = `${this.keyPrefix}${uid}`;\n this.cache.delete(cacheKey);\n }\n}\n","import { PostgresAdapter } from \"./PostgresAdapter\";\nimport { RedisAdapter } from \"./RedisAdapter\";\nimport type { AdapterConfiguration,DisabledUserAdapter } from \"./types\";\n\nexport function createAdapter(\n config: AdapterConfiguration\n): DisabledUserAdapter {\n switch (config.type) {\n case \"redis\":\n return new RedisAdapter(config.config as any);\n case \"postgres\":\n return new PostgresAdapter(config.config as any);\n default:\n throw new Error(`Unsupported adapter type: ${(config as any).type}`);\n }\n}\n\nexport function validateCheckRevokedOptions(options?: {\n enabled: boolean;\n adapter?: AdapterConfiguration;\n}): { isValid: boolean; error?: string } {\n if (options?.enabled && !options.adapter) {\n return {\n isValid: false,\n error: \"When checkRevoked.enabled is true, an adapter must be provided\",\n };\n }\n return { isValid: true };\n}\n\n\nexport { RedisAdapter } from './RedisAdapter';\nexport { PostgresAdapter } from './PostgresAdapter';\nexport type {\n DisabledUserAdapter,\n DisabledUserRecord,\n AdapterConfig,\n RedisConfig,\n PostgresConfig,\n AdapterType,\n AdapterConfiguration,\n CheckRevokedOptions,\n} from './types';\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAAA,IAAM,WAAW,CACf,UACA,YACA,mBACG;AACH,MAAI,aAAa,IAAI;AACnB,WAAO,eAAe,WAAW,SAAS,GAAG,gBAAgB,SAAS,CAAC;AAAA,EACzE;AAEA,QAAM,UAAU,IAAI,IAAI,QAAQ;AAChC,QAAM,gBAAgB,iBAAiB,IAAI,IAAI,gBAAgB,OAAO,IAAI;AAC1E,QAAM,MAAM,IAAI,IAAI,YAAY,OAAO;AAEvC,MAAI,eAAe;AACjB,QAAI,aAAa,IAAI,gBAAgB,cAAc,SAAS,CAAC;AAAA,EAC/D;AACA,SAAO,IAAI,SAAS;AACtB;AAEA,IAAM,iBAAiB,CAAC,WAAmB,gBAAyB;AAClE,MAAI;AACJ,MAAI,CAAC,UAAU,WAAW,MAAM,GAAG;AACjC,QAAI,CAAC,eAAe,CAAC,YAAY,WAAW,MAAM,GAAG;AACnD,YAAM,IAAI,MAAM,oEAAoE;AAAA,IACtF;AAEA,UAAM,UAAU,IAAI,IAAI,WAAW;AACnC,UAAM,IAAI,IAAI,WAAW,QAAQ,MAAM;AAAA,EACzC,OAAO;AACL,UAAM,IAAI,IAAI,SAAS;AAAA,EACzB;AAEA,MAAI,aAAa;AACf,QAAI,aAAa,IAAI,gBAAgB,WAAW;AAAA,EAClD;AAEA,SAAO,IAAI,SAAS;AACtB;AAmBO,IAAM,iBAAiC,YAAU;AACtD,QAAM,EAAE,iBAAiB,WAAW,WAAW,QAAQ,IAAI;AAE3D,QAAM,mBAAmB,CAAC,EAAE,cAAc,IAAsB,CAAC,MAAM;AACrE,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,MAAM,2BAA2B;AAAA,IAC7C;AAEA,UAAM,kBAAkB,GAAG,OAAO;AAElC,aAAS,eAAe,QAAkC;AACxD,UAAI,CAAC,QAAQ;AACX;AAAA,MACF;AACA,YAAM,MAAM,IAAI,IAAI,QAAQ,OAAO;AACnC,UAAI,WAAW,GAAG,IAAI,QAAQ;AAC9B,aAAO,IAAI,SAAS;AAAA,IACtB;AAEA,UAAM,YAAY,aAAa,eAAe,SAAS,KAAK;AAE5D,WAAO,gBAAgB,SAAS,SAAS,WAAW,aAAa,CAAC;AAAA,EACpE;AAEA,QAAM,mBAAmB,CAAC,EAAE,cAAc,IAAsB,CAAC,MAAM;AACrE,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,MAAM,2BAA2B;AAAA,IAC7C;AAEA,UAAM,kBAAkB,GAAG,OAAO;AAClC,UAAM,YAAY,aAAa;AAE/B,WAAO,gBAAgB,SAAS,SAAS,WAAW,aAAa,CAAC;AAAA,EACpE;AAEA,SAAO,EAAE,kBAAkB,iBAAiB;AAC9C;;;ACnFO,IAAM,aAAa;AAAA,EACxB,UAAU;AAAA,EACV,WAAW;AAAA,EACX,WAAW;AACb;AAIO,IAAM,kBAAkB;AAAA,EAC7B,aAAa;AAAA,EACb,4BAA4B;AAAA,EAC5B,qBAAqB;AAAA,EACrB,qBAAqB;AAAA,EACrB,8BAA8B;AAAA,EAC9B,iBAAiB;AAAA,EACjB,4BAA4B;AAAA,EAC5B,4BAA4B;AAAA,EAC5B,4BAA4B;AAAA,EAC5B,cAAc;AAAA,EACd,iBAAiB;AACnB;AA6DA,SAAS,uBACP,gBACqC;AACrC,SAAO,CAAC,wBAA6B;AACnC,QACE,CAAC,uBACD,OAAO,wBAAwB,YAC/B,MAAM,QAAQ,mBAAmB,GACjC;AACA,aAAO;AAAA,IACT;AACA,UAAM,SAAS;AAEf,WAAO,OAAO,QAAQ,mBAAmB,EAAE,MAAM,CAAC,CAAC,KAAK,KAAK,MAAM;AACjE,YAAM,aAAa,OAAO,GAAG;AAC7B,UAAI,OAAO,eAAe,aAAa;AACrC,eAAO;AAAA,MACT;AACA,UAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,YAAI,MAAM,QAAQ,UAAU,GAAG;AAC7B,iBAAO,MAAM,KAAK,OAAK,WAAW,SAAS,CAAC,CAAC;AAAA,QAC/C;AACA,eAAO,MAAM,SAAS,UAAU;AAAA,MAClC;AAEA,UAAI,MAAM,QAAQ,UAAU,GAAG;AAC7B,eAAO,WAAW,SAAS,KAAK;AAAA,MAClC;AACA,aAAO,eAAe;AAAA,IACxB,CAAC;AAAA,EACH;AACF;AAEO,SAAS,mBACd,cACA,eACoB;AACpB,QAAM,iBAAiB,8BAA8B,aAAa;AAClE,SAAO;AAAA,IACL,eAAe;AAAA,MACb,GAAG;AAAA,IACL;AAAA,IACA,QAAQ,eAAe;AAAA,IACvB,OAAO;AAAA,IACP,SAAS,uBAAuB,cAAc;AAAA,IAC9C,OAAO;AAAA,EACT;AACF;AAEO,SAAS,sBAA2C;AACzD,SAAO;AAAA,IACL,eAAe;AAAA,IACf,QAAQ;AAAA,IACR,OAAO;AAAA,IACP,SAAS,MAAM;AAAA,IACf,OAAO;AAAA,EACT;AACF;AAEO,SAAS,SACd,SACA,eACA,UAAmB,IAAI,QAAQ,GAC/B,OACe;AACf,QAAM,aAAa,mBAAmB,OAAO,aAAa;AAC1D,SAAO;AAAA,IACL,QAAQ,WAAW;AAAA,IACnB,SAAS;AAAA,IACT,QAAQ;AAAA,IACR,WAAW,QAAQ,aAAa;AAAA,IAChC,WAAW,QAAQ,aAAa;AAAA,IAChC,YAAY;AAAA,IACZ,MAAM,MAAM;AAAA,IACZ;AAAA,IACA;AAAA,EACF;AACF;AAEO,SAAS,UACd,SACA,QACA,UAAU,IACV,UAAmB,IAAI,QAAQ,GACf;AAChB,SAAO,gBAAgB;AAAA,IACrB,QAAQ,WAAW;AAAA,IACnB;AAAA,IACA;AAAA,IACA,WAAW,QAAQ,aAAa;AAAA,IAChC,WAAW,QAAQ,aAAa;AAAA,IAChC,YAAY;AAAA,IACZ,MAAM,MAAM,oBAAoB;AAAA,IAChC,OAAO;AAAA,IACP;AAAA,EACF,CAAC;AACH;AAqBA,IAAM,kBAAkB,CAAyB,iBAAuB;AACtE,QAAM,UAAU,IAAI,QAAQ,aAAa,WAAW,CAAC,CAAC;AAEtD,MAAI,aAAa,SAAS;AACxB,QAAI;AACF,cAAQ,IAAI,UAAU,QAAQ,aAAa,aAAa,OAAO;AAAA,IACjE,QAAQ;AAAA,IAER;AAAA,EACF;AAEA,MAAI,aAAa,QAAQ;AACvB,QAAI;AACF,cAAQ,IAAI,UAAU,QAAQ,YAAY,aAAa,MAAM;AAAA,IAC/D,QAAQ;AAAA,IAER;AAAA,EACF;AAEA,MAAI,aAAa,QAAQ;AACvB,QAAI;AACF,cAAQ,IAAI,UAAU,QAAQ,YAAY,aAAa,MAAM;AAAA,IAC/D,QAAQ;AAAA,IAER;AAAA,EACF;AAEA,eAAa,UAAU;AAEvB,SAAO;AACT;;;AC3OO,IAAe,cAAf,MAA2B;AAAA,EAChC,YAAsB,SAA0B;AAA1B;AAAA,EAA2B;AAAA,EAEvC,cAAc,QAAgB;AACtC,QAAI,CAAC,QAAQ;AACX,YAAM,IAAI,MAAM,8BAA8B;AAAA,IAChD;AAAA,EACF;AACF;;;ACGO,IAAM,WAAN,cAAuB,YAAY;AAAA,EACxC,MAAa,wBAAwB,QAAgB,QAAqC;AACxF,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,GAAG,WAAW,IAAI;AAC1B,WAAO,KAAK,QAAQ;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,YAAY;AAAA,IACd,CAAC;AAAA,EACH;AAAA,EAEA,MAAa,yBAAyB,QAAgB,QAAwC;AAC5F,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,GAAG,WAAW,IAAI;AAC1B,WAAO,KAAK,QAAQ;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,YAAY;AAAA,IACd,CAAC;AAAA,EACH;AACF;;;ACfO,IAAM,cAAN,cAA0B,YAAY;AAAA,EAC3C,MAAa,wBAAwB,QAAgB,QAAuC;AAC1F,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,GAAG,WAAW,IAAI;AAC1B,WAAO,KAAK,QAAQ;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,YAAY;AAAA,IACd,CAAC;AAAA,EACH;AAAA,EAEA,MAAa,qBAAqB,QAAgB,QAAoC;AACpF,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,GAAG,WAAW,IAAI;AAC1B,WAAO,KAAK,QAAQ;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,YAAY;AAAA,IACd,CAAC;AAAA,EACH;AAAA,EAEE,MAAa,eAAe,QAAgB,QAA8B;AAC1E,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,GAAG,WAAW,IAAI;AAC1B,WAAO,KAAK,QAAQ;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,YAAY;AAAA,IACd,CAAC;AAAA,EACH;AACF;;;ACvCO,IAAM,iBAAN,cAA6B,YAAY;AAAA,EAC9C,MAAa,kBACX,QACA,QAC6B;AAC7B,QAAI;AACF,WAAK,cAAc,MAAM;AACzB,YAAM,EAAE,GAAG,WAAW,IAAI;AAE1B,YAAM,WAAW,MAAM,KAAK,QAA4B;AAAA,QACtD,UAAU;AAAA,QACV,QAAQ;AAAA,QACR,YAAY;AAAA,MACd,CAAC;AAED,UAAI,SAAS,QAAQ;AACnB,cAAM,eAAe,SAAS,OAAO,CAAC,GAAG,WAAW;AACpD,cAAM,IAAI,MAAM,YAAY;AAAA,MAC9B;AAEA,aAAO,SAAS;AAAA,IAClB,SAAS,OAAO;AACd,YAAM,oBAAoB,kCAAkC,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AACpH,YAAM,IAAI,MAAM,iBAAiB;AAAA,IACnC;AAAA,EACF;AACF;;;ACzBO,IAAM,YAAN,cAAwB,YAAY;AAAA,EACzC,MAAa,kBAAkB,QAAgB,QAAiC;AAC9E,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,GAAG,WAAW,IAAI;AAC1B,WAAO,KAAK,QAAQ;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,YAAY;AAAA,IACd,CAAC;AAAA,EACH;AAEF;;;ACCO,IAAM,WAAN,cAAuB,YAAY;AAAA,EACxC,MAAa,aAAa,QAAgB,QAA4B;AACpE,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,eAAe,gBAAgB,GAAG,WAAW,IAAI;AAEzD,UAAM,UAAkC,CAAC;AACzC,QAAI,gBAAgB;AAClB,cAAQ,SAAS,IAAI;AAAA,IACvB;AAEA,UAAM,aAAa;AAAA,MACjB,YAAY;AAAA,MACZ;AAAA,MACA,GAAG;AAAA,IACL;AAEA,WAAO,KAAK,QAAQ;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,MACA,cAAc;AAAA,IAChB,CAAC;AAAA,EACH;AAAA,EAEA,MAAa,oCACX,QACA,QACA,SACA;AACA,SAAK,cAAc,MAAM;AAEzB,UAAM,UAAkC,CAAC;AACzC,QAAI,SAAS,SAAS;AACpB,cAAQ,SAAS,IAAI,QAAQ;AAAA,IAC/B;AAEA,WAAO,KAAK,QAA4B;AAAA,MACtC,UAAU;AAAA,MACV,QAAQ;AAAA,MACR;AAAA,MACA,YAAY;AAAA,MACZ,cAAc;AAAA,IAChB,CAAC;AAAA,EACH;AACF;;;ACvDO,IAAM,WAAN,cAAuB,YAAY;AAAA,EACtC,MAAa,YAAY,QAAgB,QAAwB,SAA2B;AAC5F,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,GAAG,WAAW,IAAI;AAE1B,UAAM,UAAkC,CAAC;AACzC,QAAI,SAAS,SAAS;AACpB,cAAQ,SAAS,IAAI,QAAQ;AAAA,IAC/B;AACA,WAAO,KAAK,QAAc;AAAA,MACxB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR;AAAA,MACA,YAAY;AAAA,MACZ,cAAc;AAAA,IAChB,CAAC;AAAA,EACH;AACF;;;ACdA,SAAS,aAAa,cAAc;AAmBpC,IAAM,cAAc,MAAM,KAAK,UAAU;AAElC,IAAM,UAAmB;AAAA,EAC9B;AAAA,EACA,IAAI,QAAQ;AAEV,WAAO,QAAQ,IAAI,aAAa,SAAS,QAAQ;AAAA,EACnD;AAAA,EACA,iBAAiB,WAAW;AAAA,EAC5B,MAAM,WAAW;AAAA,EACjB,UAAU,WAAW;AAAA,EACrB,SAAS,WAAW;AAAA,EACpB,SAAS,WAAW;AAAA,EACpB,UAAU,WAAW;AACvB;;;AChDO,IAAM,8BAA8B,QAAQ,IAAI;AAEhD,SAAS,eAAmC;AACjD,MAAI,OAAO,YAAY,YAAa,QAAO;AAC3C,SAAO;AACT;AAEO,SAAS,cAAuB;AACrC,SAAO,CAAC,CAAC,aAAa;AACxB;;;ACHO,IAAM,iBAAiB,CAAC,WAAmB;AAChD,SAAO,iEAAiE,MAAM;AAChF;AAEO,IAAM,0BAA0B,CAAC,WAAmB;AACzD,SAAO,mDAAmD,MAAM;AAClE;AAEO,IAAM,qBAAqB,CAAC,WAAmB;AACpD,SAAO,6EAA6E,MAAM;AAC5F;AAEO,IAAM,iBAAiB,CAAC,WAAmB;AAChD,SAAO,iEAAiE,MAAM;AAChF;AAEO,IAAM,yBAAyB,CAAC,WAAmB;AACxD,MAAI,YAAY,KAAK,6BAA6B;AAChD,QAAI,WAAW;AACf,QAAI,4BAA4B,WAAW,SAAS,GAAG;AACrD,iBAAW;AAAA,IACb;AAEA,WAAO,GAAG,QAAQ,GAAG,2BAA2B,yEAAyE,MAAM;AAAA,EACjI;AACA,SAAO,gFAAgF,MAAM;AAC/F;AAEO,IAAM,wBAAwB,CAAC,WAAmB;AACvD,SAAO,wEAAwE,MAAM;AACvF;;;ACuBA,IAAM,wBAA8E;AAAA,EAClF,cAAc;AAAA,EACd;AAAA,EACA,QAAQ;AAAA,EACR,uBAAuB;AAAA,EACvB,eAAe;AAAA,EACf,aAAa;AAAA,EACb,QAAQ;AACV;AAGO,SAAS,cAAc,SAA+B;AAC3D,QAAM,YAAY,OAChB,mBACmC;AACnC,UAAM,EAAE,UAAU,QAAQ,QAAQ,aAAa,cAAc,YAAY,SAAS,IAChF;AAGF,QAAI,CAAC,QAAQ;AACX,aAAO;AAAA,QACL,MAAM;AAAA,QACN,QAAQ;AAAA,UACN;AAAA,YACE,QAAQ;AAAA,YACR,QAAQ;AAAA,YACR,SAAS;AAAA,YACT,MAAM;AAAA,UACR;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,UAAM,cAAc,sBAAsB,QAAQ,EAAE,MAAM;AAC1D,UAAM,WAAW,IAAI,IAAI,WAAW;AAEpC,QAAI,aAAa;AACf,aAAO,QAAQ,WAAW,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AACpD,YAAI,OAAO;AACT,WAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,OAAK,SAAS,aAAa,OAAO,KAAK,CAAW,CAAC;AAAA,QAC5E;AAAA,MACF,CAAC;AAAA,IACH;AAEA,UAAM,UAA+B;AAAA,MACnC,GAAG;AAAA,IACL;AACA,QAAI;AAEJ,QAAI;AACF,UAAI,UAAU;AACZ,cAAM,MAAM,QAAQ,MAAM,SAAS,MAAM;AAAA,UACvC;AAAA,UACA;AAAA,UACA,MAAM;AAAA,QACR,CAAC;AAAA,MACH,OAAO;AACL,gBAAQ,cAAc,IAAI;AAC1B,cAAM,UACJ,WAAW,SAAS,cAAc,OAAO,KAAK,UAAU,EAAE,SAAS;AACrE,cAAM,OAAO,UAAU,EAAE,MAAM,KAAK,UAAU,UAAU,EAAE,IAAI;AAE9D,cAAM,MAAM,QAAQ,MAAM,SAAS,MAAM;AAAA,UACvC;AAAA,UACA;AAAA,UACA,GAAG;AAAA,QACL,CAAC;AAAA,MACH;AAEA,YAAM,iBACJ,KAAK,WACL,IAAI,SAAS,IAAI,UAAU,QAAQ,WAAW,MAC5C,UAAU,aAAa;AAC3B,YAAM,eAAe,OAAO,iBAAiB,IAAI,KAAK,IAAI,IAAI,KAAK;AAGnE,UAAI,CAAC,IAAI,IAAI;AACX,eAAO;AAAA,UACL,MAAM;AAAA,UACN,QAAQ,YAAY,YAAY;AAAA,UAChC,QAAQ,KAAK;AAAA,UACb,YAAY,KAAK;AAAA,QACnB;AAAA,MACF;AAEA,aAAO;AAAA,QACL,MAAM;AAAA,QACN,QAAQ;AAAA,MACV;AAAA,IACF,SAAS,OAAO;AACd,UAAI,iBAAiB,OAAO;AAC1B,eAAO;AAAA,UACL,MAAM;AAAA,UACN,QAAQ;AAAA,YACN;AAAA,cACE,QAAQ;AAAA,cACR,QAAQ;AAAA,cACR,SAAS,MAAM,WAAW;AAAA,cAC1B,MAAM;AAAA,YACR;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAEA,aAAO;AAAA,QACL,MAAM;AAAA,QACN,QAAQ,YAAY,KAAK;AAAA,QACzB,QAAQ,KAAK;AAAA,QACb,YAAY,KAAK;AAAA,MACnB;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAEA,SAAS,YAAY,MAA0C;AAC7D,MAAI,aAAa;AACjB,MAAI,OAAO,SAAS,UAAU;AAC5B,QAAI;AACF,mBAAa,KAAK,MAAM,IAAI;AAAA,IAC9B,SAAS,OAAO;AACd,aAAO,CAAC;AAAA,IACV;AAAA,EACF;AAEA,MAAI,CAAC,cAAc,OAAO,eAAe,UAAU;AACjD,WAAO,CAAC;AAAA,EACV;AAEA,MAAI,WAAW,cAAc,OAAO,WAAW,UAAU,YAAY,WAAW,UAAU,MAAM;AAC9F,UAAM,WAAW,WAAW;AAE5B,QAAI,YAAY,YAAY,MAAM,QAAQ,SAAS,MAAM,KAAK,SAAS,OAAO,SAAS,GAAG;AACxF,aAAO,SAAS,OAAO,IAAI,CAAC,QAAa,WAAW;AAAA,QAClD,MAAM,SAAS,QAAQ;AAAA,QACvB,SAAS,IAAI,WAAW;AAAA,QACxB,QAAQ,IAAI;AAAA,QACZ,QAAQ,IAAI;AAAA,MACd,CAAC,CAAC;AAAA,IACJ;AAGA,WAAO,CAAC,WAAW;AAAA,MACjB,MAAM,SAAS,MAAM,SAAS,KAAK;AAAA,MACnC,SAAS,SAAS,WAAW;AAAA,MAC7B,QAAQ,SAAS,UAAU;AAAA,MAC3B,QAAQ,SAAS,UAAU,SAAS,MAAM,SAAS,KAAK;AAAA,IAC1D,CAAC,CAAC;AAAA,EACJ;AAEA,SAAO,CAAC;AACV;AAEO,SAAS,WAAW,OAA6D;AACtF,SAAO;AAAA,IACL,QAAQ,MAAM;AAAA,IACd,QAAQ,MAAM;AAAA,IACd,SAAS,MAAM;AAAA,IACf,MAAM,MAAM;AAAA,EACd;AACF;;;ACrNO,SAAS,cAAc,SAA+B;AAC3D,QAAM,UAAU,cAAc,OAAO;AACrC,SAAO;AAAA,IACL,OAAO,IAAI,SAAS,OAAO;AAAA,IAC3B,UAAU,IAAI,YAAY,OAAO;AAAA,IACjC,QAAQ,IAAI,eAAe,OAAO;AAAA,IAClC,QAAQ,IAAI,UAAU,OAAO;AAAA,IAC7B,QAAQ,IAAI,SAAS,OAAO;AAAA,IAC5B,UAAU,IAAI,SAAS,OAAO;AAAA,EAChC;AACF;;;ACVA,IAAM,iBAAmC;AAAA,EACvC,QAAQ;AAAA,EACR,QAAQ;AAAA,EACR,YAAY;AACd;AAEO,SAAS,uBACd,cAAgC,CAAC,GACf;AAClB,SAAO;AAAA,IACL,GAAG;AAAA,IACH,GAAG;AAAA,EACL;AACF;;;ACnBA,SAAS,UAA4B;;;AC6CrC,IAAM,0BAAN,MAAiE;AAAA,EACxD,YACG,mBACA,SACR;AAFQ;AACA;AAER,SAAK,iBAAiB;AACtB,SAAK,iBAAiB;AACtB,SAAK,oBAAoB;AACzB,SAAK,cAAc;AACnB,WAAO,OAAO,MAAM,OAAO;AAC3B,SAAK,UAAU,KAAK,kBAAkB;AAAA,EACxC;AAAA,EAEA,IAAW,UAA6B;AACtC,WAAO,KAAK;AAAA,EACd;AAAA,EAEQ,mBAAmB;AACzB,SAAK,uBAAuB,KAAK;AAAA,MAC/B,KAAK,UAAU,UAAU,QAAQ,aAAa;AAAA,IAChD;AACA,SAAK,SAAS,KAAK,UAAU,UAAU,QAAQ,MAAM;AACrD,SAAK,OAAO,KAAK,UAAU,UAAU,QAAQ,IAAI;AACjD,SAAK,gBAAgB,KAAK,UAAU,UAAU,QAAQ,aAAa;AACnE,SAAK,iBACH,KAAK,UAAU,UAAU,QAAQ,wBAAwB,KACzD,KAAK,UAAU,UAAU,QAAQ,cAAc;AACjD,SAAK,WAAW,KAAK,UAAU,UAAU,QAAQ,QAAQ;AACzD,SAAK,YAAY,KAAK,UAAU,UAAU,QAAQ,SAAS;AAC3D,SAAK,eAAe,KAAK,UAAU,UAAU,QAAQ,YAAY;AACjE,SAAK,SAAS,KAAK,UAAU,UAAU,QAAQ,MAAM;AAAA,EACvD;AAAA,EAEQ,mBAAmB;AACzB,UAAM,eAAe,QAAQ,IAAI,aAAa;AAC9C,UAAM,gBAAgB,eAAe,YAAY;AACjD,SAAK,uBAAuB,KAAK,UAAU,UAAU,QAAQ,OAAO;AAGpE,SAAK,kBAAkB,KAAK,UAAU,GAAG,aAAa,GAAG,UAAU,QAAQ,OAAO,EAAE;AACpF,SAAK,uBAAuB,KAAK,UAAU,GAAG,aAAa,GAAG,UAAU,QAAQ,OAAO,EAAE;AACzF,SAAK,oBAAoB,KAAK,UAAU,UAAU,QAAQ,SAAS;AACnE,SAAK,sBAAsB,KAAK,UAAU,UAAU,QAAQ,MAAM;AAClE,SAAK,WAAW,OAAO,SAAS,KAAK,UAAU,UAAU,QAAQ,OAAO,KAAK,KAAK,EAAE;AAAA,EACtF;AAAA,EAEQ,sBAAsB;AAC5B,SAAK,iBAAiB,KAAK,cAAc,UAAU,gBAAgB,SAAS,KAAK,KAAK,UAAU,UAAU,QAAQ,SAAS;AAC3H,SAAK,iBAAiB,KAAK,cAAc,UAAU,gBAAgB,cAAc,KAAK,KAAK,UAAU,UAAU,QAAQ,cAAc;AAAA,EACvI;AAAA,EAEQ,gBAAgB;AACtB,SAAK,SAAS,KAAK,kBAAkB;AACrC,SAAK,eAAe,KAAK,kBAAkB,QAAQ,SAAS,MAAM,GAAG,EAAE,OAAO,OAAO;AACrF,SAAK,WAAW,KAAK,aAAa,CAAC;AACnC,SAAK,cAAc,KAAK,aAAa,CAAC;AAAA,EACxC;AAAA,EAEQ,cAAc,MAAc;AAClC,WAAO,KAAK,kBAAkB,QAAQ,aAAa,IAAI,IAAI;AAAA,EAC7D;AAAA,EAEQ,UAAU,MAAc;AAC9B,WAAO,KAAK,kBAAkB,QAAQ,IAAI,IAAI,KAAK;AAAA,EACrD;AAAA,EAEQ,UAAU,MAAc;AAC9B,WAAO,KAAK,kBAAkB,QAAQ,IAAI,IAAI,KAAK;AAAA,EACrD;AAAA,EAEQ,yBACN,qBACoB;AACpB,QAAI,CAAC,qBAAqB;AACxB,aAAO;AAAA,IACT;AAEA,UAAM,CAAC,QAAQ,KAAK,IAAI,oBAAoB,MAAM,KAAK,CAAC;AAExD,QAAI,CAAC,OAAO;AAEV,aAAO;AAAA,IACT;AAEA,QAAI,WAAW,UAAU;AACvB,aAAO;AAAA,IACT;AAGA,WAAO;AAAA,EACT;AACF;AAIO,IAAM,yBAAyB,CACpC,mBACA,YAC4B;AAC5B,SAAO,IAAI,wBAAwB,mBAAmB,OAAO;AAC/D;;;ACjJA,SAAS,iBAAiB,0BAA0B,uBAAuB;;;AFsB3E,SAAS,uBAAuB,SAA2B;AACzD,SAAO,QAAQ,QAAQ,IAAI,eAAe;AAC5C;AAEA,SAAS,iBAAiB,OAAoB;AAC5C,SAAO,GAAG,KAAK,IAAI;AACrB;AAEA,SAAS,oBACP,OACA,SACA,SACA;AACA,SACE,MAAM,WAAW,6BAA6B,gBAC9C,CAAC,CAAC,QAAQ,wBACV,QAAQ,WAAW;AAEvB;AAEA,eAAsB,oBACpB,SACA,SACuB;AACvB,QAAM,UAAU,uBAAuB,wBAAwB,OAAO,GAAG,OAAO;AAChF,QAAM,EAAE,qBAAqB,IAAI;AAEjC,QAAM,EAAE,sBAAsB,IAAI,QAAQ,OAAO;AAEjD,WAAS,oBAAoB,eAA8C;AACzE,UAAM,uBAAuB,iBAAiB,QAAQ;AACtD,UAAM,wBAAwB,QAAQ,SAAS,SAC3C,iBAAiB,QAAQ,QAAQ,MAAM,IACvC;AAEJ,UAAM,cAAc,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAChD,UAAM,UAAU,cAAc;AAE9B,YAAQ,IAAI,iBAAiB,aAAa,aAAa,SAAS,sBAAsB,qBAAqB;AAE3G,QAAI,gBAAgB,KAAK,UAAU,uBAAuB;AACxD,aAAO,UAAU,SAAS,gBAAgB,aAAa,wBAAwB;AAAA,IACjF;AAEA,WAAO;AAAA,EACT;AAEA,iBAAe,eAAe;AAC5B,QAAI,CAAC,sBAAsB;AACzB,aAAO;AAAA,QACL,MAAM;AAAA,QACN,OAAO;AAAA,UACL,SAAS;AAAA,UACT,QAAQ,gBAAgB;AAAA,QAC1B;AAAA,MACF;AAAA,IACF;AACA,WAAO,MAAM,sBAAsB,sBAAsB;AAAA,MACvD,SAAS,QAAQ,QAAQ;AAAA,IAC3B,CAAC;AAAA,EACH;AAEA,iBAAe,gBAGb;AACA,UAAM,EAAE,MAAM,eAAe,MAAM,IAAI,MAAM,aAAa;AAC1D,QAAI,CAAC,eAAe;AAClB,aAAO,EAAE,MAAM,MAAM,MAAM;AAAA,IAC7B;AAEA,UAAM,UAAU,IAAI,QAAQ;AAC5B,UAAM,EAAE,QAAQ,IAAI;AAEpB,UAAM,SAAS,MAAM,KAAK,KAAK;AAC/B,UAAM,eAAe,gBAAgB;AACrC,UAAM,oBAAoB,yBAAyB,UAAU,QAAQ,SAAS,YAAY;AAC1F,UAAM,uBAAuB,8CAAmD,MAAM;AAEtF,UAAM,gBAAgB,GAAG,iBAAiB,IAAI,OAAO,KAAK,oBAAoB;AAC9E,YAAQ,OAAO,cAAc,aAAa;AAE1C,UAAM,EAAE,MAAM,SAAS,OAAO,IAAI,MAAM,YAAY,SAAS,OAAO;AACpE,QAAI,QAAQ;AACV,aAAO;AAAA,QACL,MAAM;AAAA,QACN,OAAO,SAAS,OAAO,CAAC,IAAI,IAAI,MAAM,kCAAkC;AAAA,MAC1E;AAAA,IACF;AACA,WAAO,EAAE,MAAM,EAAE,SAAS,OAAO,SAAS,QAAQ,GAAG,OAAO,KAAK;AAAA,EACnE;AAEA,iBAAe,mCACbA,UACA,QACA,SACA,mBAA4B,OACa;AACzC,UAAM,0BAA0B,CAAC,CAACA,SAAQ;AAC1C,QAAI,CAAC,yBAAyB;AAC5B,aAAO,UAAUA,UAAS,QAAQ,iCAAiC;AAAA,IACrE;AAEA,QAAI,WAAW,gBAAgB,4BAA4B;AACzD,UAAI,CAAC,kBAAkB;AACrB,cAAM,uBAAuB,oBAAoBA,SAAQ,QAAQ;AACjE,YAAI,sBAAsB;AACxB,iBAAO;AAAA,QACT;AAAA,MACF;AAEA,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,cAAc;AAE5C,UAAI,MAAM;AACR,eAAO,SAASA,UAAS,KAAK,SAAS,KAAK,SAAS,KAAK,KAAK;AAAA,MACjE;AAEA,aAAO,UAAUA,UAAS,QAAQ,2BAA2B;AAAA,IAC/D;AAGA,QAAI,WAAW,gBAAgB,8BAC3B,WAAW,gBAAgB,8BAA8B;AAE3D,YAAM,EAAE,MAAM,OAAO,IAAI,cAAcA,SAAQ,eAAgB;AAE/D,UAAI,QAAQ;AACV,cAAM,OAAO,CAAC;AAAA,MAChB;AAEA,YAAM,WAAW,KAAK,QAAQ;AAE9B,UAAI,CAAC,YAAY,OAAO,aAAa,UAAU;AAC7C,eAAO,UAAUA,UAAS,QAAQ,yBAAyB;AAAA,MAC7D;AAEA,UAAI,CAAC,kBAAkB;AACrB,cAAM,uBAAuB,oBAAoB,QAAQ;AACzD,YAAI,sBAAsB;AACxB,iBAAO;AAAA,QACT;AAAA,MACF;AAGA,YAAM,EAAE,MAAM,eAAe,QAAQ,aAAa,IAAI,MAAM,YAAYA,SAAQ,iBAAkB,OAAO;AAEzG,UAAI,cAAc;AAChB,cAAM,aAAa,CAAC;AAAA,MACtB;AAEA,YAAM,UAAU,IAAI,QAAQ;AAC5B,YAAM,mBAAmB,MAAM,KAAK,KAAK;AACzC,YAAM,gBAAgB,GAAG,UAAU,QAAQ,OAAO,IAAI,QAAQ,aAAa,gBAAgB;AAC3F,cAAQ,OAAO,cAAc,aAAa;AAG1C,aAAO,SAASA,UAAS,eAAe,SAASA,SAAQ,eAAgB;AAAA,IAC3E;AAEA,WAAO,UAAUA,UAAS,QAAQ,OAAO;AAAA,EAC3C;AAEA,iBAAe,uCAAuC;AACpD,UAAM,cAAc,QAAQ;AAC5B,UAAM,qBAAqB,CAAC,CAAC,QAAQ;AAErC,QAAI,CAAC,eAAe,CAAC,oBAAoB;AACvC,aAAO,UAAU,SAAS,gBAAgB,0BAA0B;AAAA,IACtE;AAEA,QAAI,CAAC,eAAe,oBAAoB;AACtC,aAAO,MAAM,mCAAmC,SAAS,gBAAgB,4BAA4B,EAAE;AAAA,IACzG;AAEA,QAAI,eAAe,CAAC,oBAAoB;AACtC,aAAO,MAAM,mCAAmC,SAAS,gBAAgB,4BAA4B,EAAE;AAAA,IACzG;AAEA,UAAM,uBAAuB,oBAAoB,QAAQ,QAAQ;AACjE,QAAI,sBAAsB;AACxB,aAAO;AAAA,IACT;AAGA,UAAM,EAAE,MAAM,eAAe,QAAQ,aAAa,IAAI,cAAc,QAAQ,eAAgB;AAE5F,QAAI,cAAc;AAChB,aAAO,YAAY,aAAa,CAAC,GAAG,QAAQ;AAAA,IAC9C;AAEA,UAAM,WAAW,cAAc,QAAQ;AACvC,QAAI,CAAC,UAAU;AACb,aAAO,UAAU,SAAS,gBAAgB,qBAAqB,EAAE;AAAA,IACnE;AAEA,QAAI,WAAW,QAAQ,UAAU;AAC/B,aAAO,MAAM,mCAAmC,SAAS,gBAAgB,8BAA8B,IAAI,IAAI;AAAA,IACjH;AAEA,QAAI;AAEF,YAAM,EAAE,MAAM,OAAO,IAAI,MAAM,YAAY,QAAQ,iBAAkB,OAAO;AAE5E,UAAI,QAAQ;AACV,cAAM,OAAO,CAAC;AAAA,MAChB;AAGA,YAAM,uBAAuB,SAAS,SAAS,MAAM,QAAW,QAAQ,eAAgB;AAExF,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,aAAO,YAAY,KAAK,QAAQ;AAAA,IAClC;AAEA,WAAO,UAAU,SAAS,gBAAgB,eAAe;AAAA,EAC3D;AAEA,iBAAe,uCAAuC;AACpD,UAAM,EAAE,qBAAqB,IAAI;AACjC,QAAI;AAEF,YAAM,EAAE,MAAM,OAAO,IAAI,MAAM,YAAY,sBAAuB,OAAO;AAEzE,UAAI,QAAQ;AACV,cAAM,OAAO,CAAC;AAAA,MAChB;AAGA,YAAM,uBAAuB,SAAS,SAAS,MAAM,QAAW,oBAAqB;AACrF,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,aAAO,YAAY,KAAK,QAAQ;AAAA,IAClC;AAAA,EACF;AAEA,iBAAe,YACb,KACA,cACyC;AACzC,QAAI,EAAE,eAAe,yBAAyB;AAC5C,aAAO,UAAU,SAAS,gBAAgB,eAAe;AAAA,IAC3D;AAEA,QAAI;AACJ,QAAI,oBAAoB,KAAK,SAAS,OAAO,GAAG;AAC9C,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,cAAc;AAC5C,UAAI,MAAM;AACR,eAAO,SAAS,SAAS,KAAK,SAAS,KAAK,SAAS,KAAK,KAAK;AAAA,MACjE;AAEA,UAAI,OAAO,OAAO,QAAQ;AACxB,uBAAe,MAAM,MAAM;AAAA,MAC7B;AAAA,IACF,OAAO;AACL,UAAI,QAAQ,WAAW,OAAO;AAC5B,uBAAe,wBAAwB;AAAA,MACzC,WAAW,CAAC,QAAQ,sBAAsB;AACxC,uBAAe,wBAAwB;AAAA,MACzC,OAAO;AACL,uBAAe;AAAA,MACjB;AAAA,IACF;AAEA,QAAI,eAAe;AAEnB,WAAO,UAAU,SAAS,IAAI,QAAQ,IAAI,eAAe,CAAC;AAAA,EAC5D;AAEA,MAAI,uBAAuB,OAAO,GAAG;AACnC,WAAO,qCAAqC;AAAA,EAC9C;AAEA,SAAO,qCAAqC;AAC9C;;;AGvRO,SAAS,0BAA0B,QAA0C;AAClF,QAAM,mBAAmB,uBAAuB,OAAO,OAAO;AAC9D,QAAM,YAAY,OAAO;AAEzB,QAAM,4BAA4B,CAAC,SAAkB,UAA0B,CAAC,MAAM;AACpF,UAAM,EAAE,OAAO,IAAI;AACnB,WAAO,oBAAoB,SAAS,EAAE,GAAG,SAAS,QAAQ,UAAU,CAAC;AAAA,EACvE;AAEA,SAAO;AAAA,IACL,qBAAqB;AAAA,EACvB;AACF;;;ACXO,SAAS,4BAA4B,SAA4D;AACtG,QAAM,OAAO,EAAE,GAAG,QAAQ;AAC1B,QAAM,YAAY,cAAc,IAAI;AACpC,QAAM,eAAe,0BAA0B,EAAC,SAAS,MAAM,UAAS,CAAC;AAEzE,SAAO;AAAA,IACL,GAAG;AAAA,IACH,GAAG;AAAA,EACL;AACF;;;AC3BO,IAAK,WAAL,kBAAKC,cAAL;AACL,EAAAA,oBAAA,WAAQ,KAAR;AACA,EAAAA,oBAAA,UAAO,KAAP;AACA,EAAAA,oBAAA,UAAO,KAAP;AACA,EAAAA,oBAAA,WAAQ,KAAR;AAJU,SAAAA;AAAA,GAAA;AAaL,IAAM,SAAN,MAAa;AAAA,EACV;AAAA,EAER,YAAY,UAAkC,CAAC,GAAG;AAChD,SAAK,UAAU;AAAA,MACb,SAAS;AAAA,MACT,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,GAAG;AAAA,IACL;AAAA,EACF;AAAA,EAEA,SAAe;AACb,SAAK,QAAQ,UAAU;AAAA,EACzB;AAAA,EAEA,UAAgB;AACd,SAAK,QAAQ,UAAU;AAAA,EACzB;AAAA,EAEA,SAAS,OAAuB;AAC9B,SAAK,QAAQ,QAAQ;AAAA,EACvB;AAAA,EAEA,UAAU,QAAsB;AAC9B,SAAK,QAAQ,SAAS;AAAA,EACxB;AAAA,EAEQ,IAAI,OAAiB,WAAmB,YAAoB,MAAmB;AACrF,QAAI,CAAC,KAAK,QAAQ,WAAW,QAAQ,KAAK,QAAQ,OAAO;AACvD;AAAA,IACF;AAEA,UAAM,aAAY,oBAAI,KAAK,GAAE,YAAY;AACzC,UAAM,mBAAmB,GAAG,SAAS,IAAI,KAAK,QAAQ,MAAM,KAAK,SAAS,KAAK,OAAO;AAEtF,YAAQ,OAAO;AAAA,MACb,KAAK;AACH,gBAAQ,MAAM,kBAAkB,GAAG,IAAI;AACvC;AAAA,MACF,KAAK;AACH,gBAAQ,KAAK,kBAAkB,GAAG,IAAI;AACtC;AAAA,MACF,KAAK;AACH,gBAAQ,KAAK,kBAAkB,GAAG,IAAI;AACtC;AAAA,MACF,KAAK;AACH,gBAAQ,MAAM,kBAAkB,GAAG,IAAI;AACvC;AAAA,IACJ;AAAA,EACF;AAAA,EAEA,MAAM,YAAoB,MAAmB;AAC3C,SAAK,IAAI,eAAgB,SAAS,SAAS,GAAG,IAAI;AAAA,EACpD;AAAA,EAEA,KAAK,YAAoB,MAAmB;AAC1C,SAAK,IAAI,cAAe,QAAQ,SAAS,GAAG,IAAI;AAAA,EAClD;AAAA,EAEA,KAAK,YAAoB,MAAmB;AAC1C,SAAK,IAAI,cAAe,QAAQ,SAAS,GAAG,IAAI;AAAA,EAClD;AAAA,EAEA,MAAM,YAAoB,MAAmB;AAC3C,SAAK,IAAI,eAAgB,SAAS,SAAS,GAAG,IAAI;AAAA,EACpD;AACF;AAEO,IAAM,eAAe,CAAC,YAA6C;AACxE,SAAO,IAAI,OAAO,OAAO;AAC3B;AAEO,IAAM,cAAc,aAAa,EAAE,QAAQ,qBAAqB,CAAC;AACjE,IAAM,aAAa,aAAa,EAAE,QAAQ,oBAAoB,CAAC;;;ACrF/D,SAAS,qBAA2B;AACzC,aAAW,OAAO;AAClB,aAAW,sBAAuB;AAElC,cAAY,OAAO;AACnB,cAAY,sBAAuB;AACrC;AAEO,SAAS,sBAA4B;AAC1C,aAAW,QAAQ;AACnB,cAAY,QAAQ;AACtB;AAEO,SAAS,YAAY,OAAuB;AACjD,aAAW,SAAS,KAAK;AACzB,cAAY,SAAS,KAAK;AAC5B;;;ACfO,IAAM,kBAAN,MAAqD;AAAA,EAClD;AAAA,EACA;AAAA,EAER,YAAY,QAAwB;AAClC,SAAK,SAAS;AACd,SAAK,YAAY,OAAO,SAAS;AAAA,EACnC;AAAA,EAEA,kBAAkB,OAAM,QAAoD;AAC1E,QAAI;AAGF,YAAM,WAAW,MAAM,MAAM,KAAK,OAAO,KAAK;AAAA,QAC5C,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,UAChB,iBAAiB,UAAU,KAAK,OAAO,KAAK;AAAA,QAC9C;AAAA,QACA,MAAM,KAAK,UAAU;AAAA,UACnB,OAAO,2DAA2D,KAAK,SAAS;AAAA,UAChF,QAAQ,CAAC,GAAG;AAAA,QACd,CAAC;AAAA,MACH,CAAC;AAED,UAAI,CAAC,SAAS,IAAI;AAChB,cAAM,IAAI,MAAM,uBAAuB,SAAS,MAAM,EAAE;AAAA,MAC1D;AAEA,YAAM,SAAS,MAAM,SAAS,KAAK;AAEnC,UAAI,OAAO,QAAQ,OAAO,KAAK,SAAS,GAAG;AACzC,cAAM,MAAM,OAAO,KAAK,CAAC;AACzB,cAAM,eAAmC;AAAA,UACvC,KAAK,IAAI;AAAA,UACT,OAAO,IAAI;AAAA,UACX,cAAc,IAAI;AAAA,QACpB;AAEA,mBAAW,MAAM,wBAAwB,GAAG,EAAE;AAC9C,eAAO;AAAA,MACT;AAEA,iBAAW,MAAM,2BAA2B,GAAG,EAAE;AACjD,aAAO;AAAA,IACT,SAAS,OAAO;AACd,iBAAW,MAAM,gDAAgD,KAAK;AACtE,aAAO;AAAA,IACT;AAAA,EACF;AACF;;;ACrDA,SAAS,aAAa;AActB,IAAM,WAAN,MAAkB;AAAA,EACR,QAAQ,oBAAI,IAA2B;AAAA,EAC9B;AAAA,EAEjB,YAAY,eAAuB,KAAO;AACxC,SAAK,aAAa;AAAA,EACpB;AAAA,EAEA,IAAI,KAAa,OAAU,OAAsB;AAC/C,UAAM,YAAY,KAAK,IAAI,KAAK,SAAS,KAAK;AAC9C,SAAK,MAAM,IAAI,KAAK,EAAE,OAAO,UAAU,CAAC;AACxC,YAAQ,IAAI,qBAAqB,GAAG,WAAW,KAAK,UAAU,KAAK,CAAC,eAAe,SAAS,eAAe,KAAK,MAAM,IAAI,EAAE;AAAA,EAC9H;AAAA,EAEQ,SAAS,KAAwC;AACvD,UAAM,QAAQ,KAAK,MAAM,IAAI,GAAG;AAChC,QAAI,CAAC,MAAO,QAAO;AAEnB,UAAM,MAAM,KAAK,IAAI;AACrB,QAAI,MAAM,MAAM,WAAW;AACzB,cAAQ,IAAI,iBAAiB,GAAG,iBAAiB,GAAG,eAAe,MAAM,SAAS,GAAG;AACrF,WAAK,MAAM,OAAO,GAAG;AACrB,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,IAAI,KAA4B;AAC9B,UAAM,QAAQ,KAAK,SAAS,GAAG;AAC/B,UAAM,WAAW,UAAU;AAC3B,UAAM,cAAc,KAAK,MAAM,IAAI,GAAG;AACtC,UAAM,WAAW,KAAK,MAAM,IAAI,GAAG;AAEnC,YAAQ,IAAI,qBAAqB,GAAG,cAAc,QAAQ,iBAAiB,WAAW,EAAE;AACxF,YAAQ,IAAI,0BAA0B,KAAK,UAAU,QAAQ,CAAC,WAAW,KAAK,UAAU,KAAK,CAAC,EAAE;AAEhG,QAAI,CAAC,OAAO;AACV,cAAQ,IAAI,wCAAwC,GAAG,uBAAuB;AAC9E,aAAO;AAAA,IACT;AAEA,YAAQ,IAAI,iCAAiC,KAAK,UAAU,MAAM,KAAK,CAAC,YAAY,GAAG,EAAE;AACzF,WAAO,MAAM;AAAA,EACf;AAAA,EAGA,OAAO,KAAsB;AAC3B,WAAO,KAAK,MAAM,OAAO,GAAG;AAAA,EAC9B;AAAA,EAEA,QAAc;AACZ,SAAK,MAAM,MAAM;AAAA,EACnB;AAAA,EAEA,UAAgB;AACd,UAAM,MAAM,KAAK,IAAI;AACrB,eAAW,CAAC,KAAK,KAAK,KAAK,KAAK,MAAM,QAAQ,GAAG;AAC/C,UAAI,MAAM,MAAM,WAAW;AACzB,aAAK,MAAM,OAAO,GAAG;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AACF;AAEO,IAAM,eAAN,MAAkD;AAAA,EAC/C;AAAA,EACA;AAAA,EACA;AAAA,EAER,YAAY,QAAqB;AAC/B,SAAK,QAAQ,IAAI,MAAM;AAAA,MACrB,KAAK,OAAO;AAAA,MACZ,OAAO,OAAO;AAAA,IAChB,CAAC;AAED,SAAK,YAAY,OAAO,aAAa;AACrC,UAAM,WAAW,OAAO,OAAO;AAC/B,SAAK,QAAQ,IAAI,SAAoC,QAAQ;AAE7D,gBAAY,MAAM,KAAK,MAAM,QAAQ,GAAG,IAAI,KAAK,GAAI;AAAA,EACvD;AAAA,EAEA,kBAAkB,OAAO,QAAoD;AAC3E,UAAM,WAAW,GAAG,KAAK,SAAS,GAAG,GAAG;AAExC,eAAW,MAAM,yCAAyC,QAAQ,EAAE;AAGpE,UAAM,eAAe,KAAK,MAAM,IAAI,QAAQ;AAC5C,eAAW,MAAM,sCAAsC,QAAQ,KAAK;AAAA,MAClE,cAAc,KAAK,UAAU,YAAY;AAAA,MACzC,aAAa,iBAAiB;AAAA,MAC9B,MAAM,OAAO;AAAA,IACf,CAAC;AAED,QAAI,iBAAiB,QAAW;AAC9B,iBAAW,MAAM,gCAAgC,GAAG,IAAI;AAAA,QACtD;AAAA,QACA,cAAc,KAAK,UAAU,YAAY;AAAA,MAC3C,CAAC;AACD,aAAO;AAAA,IACT;AAEA,eAAW;AAAA,MACT,iCAAiC,GAAG,mCAAmC,QAAQ;AAAA,IACjF;AAEA,QAAI;AACF,YAAM,eACJ,MAAM,KAAK,MAAM,IAAI,QAAQ;AAE/B,iBAAW,MAAM,0BAA0B,QAAQ,KAAK;AAAA,QACtD,cAAc,KAAK,UAAU,YAAY;AAAA,QACzC,MAAM,OAAO;AAAA,MACf,CAAC;AAGD,WAAK,MAAM,IAAI,UAAU,YAAY;AAErC,iBAAW,MAAM,oCAAoC,GAAG,IAAI;AAAA,QAC1D;AAAA,QACA,YAAY,CAAC,CAAC;AAAA,QACd,aAAa,KAAK,UAAU,YAAY;AAAA,MAC1C,CAAC;AAED,aAAO;AAAA,IACT,SAAS,OAAO;AACd,iBAAW,MAAM,6CAA6C,KAAK;AACnE,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,gBAAgB,KAAmB;AACjC,UAAM,WAAW,GAAG,KAAK,SAAS,GAAG,GAAG;AACxC,SAAK,MAAM,OAAO,QAAQ;AAAA,EAC5B;AACF;;;ACnJO,SAAS,cACd,QACqB;AACrB,UAAQ,OAAO,MAAM;AAAA,IACnB,KAAK;AACH,aAAO,IAAI,aAAa,OAAO,MAAa;AAAA,IAC9C,KAAK;AACH,aAAO,IAAI,gBAAgB,OAAO,MAAa;AAAA,IACjD;AACE,YAAM,IAAI,MAAM,6BAA8B,OAAe,IAAI,EAAE;AAAA,EACvE;AACF;AAEO,SAAS,4BAA4B,SAGH;AACvC,MAAI,SAAS,WAAW,CAAC,QAAQ,SAAS;AACxC,WAAO;AAAA,MACL,SAAS;AAAA,MACT,OAAO;AAAA,IACT;AAAA,EACF;AACA,SAAO,EAAE,SAAS,KAAK;AACzB;","names":["context","LogLevel"]}